
Nessus Scan Report
Wed, 12 Apr 2017 01:00:14 W. Europe Standard Time
Table Of Contents
Vulnerabilities By Host
192.168.109.5
Scan Information
| Start time: | Wed Apr 12 01:03:31 2017 |
| End time: | Wed Apr 12 01:04:40 2017 |
Host Information
Results Summary
| Critical | High | Medium | Low | Info | Total |
| 0 | 0 | 0 | 0 | 8 | 8 |
Results Details
0/tcp
19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself:
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2017/02/24
Ports
tcp/0
Information about this scan :
Nessus version : 6.10.4
Plugin feed version : 201704110615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Credentialed Patch Audit
Scanner IP : 192.168.109.112
Port scanner(s) : snmp_scanner
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2017/4/12 1:03 W. Europe Standard Time
Scan duration : 69 sec
23/tcp
14274 - Nessus SNMP Scanner
Synopsis
SNMP information is enumerated to learn about other open ports.
Description
This plugin runs an SNMP scan against the remote machine to find open ports. See the section 'plugins options' to configure it.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2016/06/06
Ports
tcp/23
Port 23/tcp was found to be open
69/udp
14274 - Nessus SNMP Scanner
Synopsis
SNMP information is enumerated to learn about other open ports.
Description
This plugin runs an SNMP scan against the remote machine to find open ports. See the section 'plugins options' to configure it.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2016/06/06
Ports
udp/69
Port 69/udp was found to be open
80/tcp
14274 - Nessus SNMP Scanner
Synopsis
SNMP information is enumerated to learn about other open ports.
Description
This plugin runs an SNMP scan against the remote machine to find open ports. See the section 'plugins options' to configure it.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2016/06/06
Ports
tcp/80
Port 80/tcp was found to be open
161/udp
14274 - Nessus SNMP Scanner
Synopsis
SNMP information is enumerated to learn about other open ports.
Description
This plugin runs an SNMP scan against the remote machine to find open ports. See the section 'plugins options' to configure it.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2016/06/06
Ports
udp/161
Nessus SNMP scanner was able to retrieve the open port list with the community name: public
It found 4 open TCP ports and 3 open UDP ports.
udp/161
Port 161/udp was found to be open
1506/tcp
14274 - Nessus SNMP Scanner
Synopsis
SNMP information is enumerated to learn about other open ports.
Description
This plugin runs an SNMP scan against the remote machine to find open ports. See the section 'plugins options' to configure it.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2016/06/06
Ports
tcp/1506
Port 1506/tcp was found to be open
1507/udp
14274 - Nessus SNMP Scanner
Synopsis
SNMP information is enumerated to learn about other open ports.
Description
This plugin runs an SNMP scan against the remote machine to find open ports. See the section 'plugins options' to configure it.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2016/06/06
Ports
udp/1507
Port 1507/udp was found to be open
1513/tcp
14274 - Nessus SNMP Scanner
Synopsis
SNMP information is enumerated to learn about other open ports.
Description
This plugin runs an SNMP scan against the remote machine to find open ports. See the section 'plugins options' to configure it.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2016/06/06
Ports
tcp/1513
Port 1513/tcp was found to be open
192.168.109.20
Scan Information
| Start time: | Wed Apr 12 01:00:27 2017 |
| End time: | Wed Apr 12 01:09:28 2017 |
Host Information
| OS: | Linux Kernel 3.10.0-327.10.1.el7.x86_64 on Red Hat Enterprise Linux Server release 7.1 (Maipo) |
Results Summary
| Critical | High | Medium | Low | Info | Total |
| 12 | 30 | 34 | 2 | 61 | 139 |
Results Details
0/tcp
14657 - Red Hat Update Level
Synopsis
The remote Red Hat server is out-of-date.
Description
The remote Red Hat server is missing the latest bugfix update package. As a result, it is likely to contain multiple security vulnerabilities.
See Also
Solution
Apply the latest update.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Publication date: 2004/09/03, Modification date: 2016/01/04
Ports
tcp/0
Installed version : 7.1
Latest version : 7.2
89774 - RHEL 5 / 6 / 7 : firefox (RHSA-2016:0373)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1973, CVE-2016-1974, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966)
Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas Golubovic, Jose Martinez, Romina Santillan, Abdulrahman Alqabandi, ca0nguyen, lokihardt, Dominique Hazael-Massieux, Nicolas Gregoire, Tsubasa Iinuma, the Communications Electronics Security Group (UK) of the GCHQ, Holger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters of these issues.
All Firefox users should upgrade to these updated packages, which contain Firefox version 38.7.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
See Also
Solution
Update the affected firefox and / or firefox-debuginfo packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/03/09, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : firefox-38.6.1-1.el7_2
Should be : firefox-38.7.0-1.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90615 - RHEL 7 : java-1.8.0-openjdk (RHSA-2016:0650)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es) :
* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)
* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)
* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)
* It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag. (CVE-2016-3426)
* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)
Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/04/21, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : java-1.8.0-openjdk-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-1.8.0.91-0.b14.el7_2
Remote package installed : java-1.8.0-openjdk-headless-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90669 - RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0676)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.
Security Fix(es) :
* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)
* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)
* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)
* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/04/22, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2
Remote package installed : java-1.7.0-openjdk-headless-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
91033 - RHEL 7 : openssl (RHSA-2016:0722)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for openssl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es) :
* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)
* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)
* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)
* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)
* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/05/11, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : openssl-1.0.1e-51.el7_2.4
Should be : openssl-1.0.1e-51.el7_2.5
Remote package installed : openssl-libs-1.0.1e-51.el7_2.4
Should be : openssl-libs-1.0.1e-51.el7_2.5
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
91036 - RHEL 6 / 7 : ImageMagick (RHSA-2016:0726) (ImageTragick)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.
Security Fix(es) :
* It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-3714)
* It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete, move, or disclose the contents of arbitrary files. (CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)
* A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images. (CVE-2016-3718)
Note: This update contains an updated /etc/ImageMagick/policy.xml file that disables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT, and LABEL coders. If you experience any problems after the update, it may be necessary to manually adjust the policy.xml file to match your requirements. Please take additional precautions to ensure that your applications using the ImageMagick library do not process malicious or untrusted files before doing so.
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/05/11, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : ImageMagick-6.7.8.9-10.el7
Should be : ImageMagick-6.7.8.9-13.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
91642 - RHEL 6 / 7 : ImageMagick (RHSA-2016:1237)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.
Security Fix(es) :
* It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5118)
* It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5239)
* Multiple flaws have been discovered in ImageMagick. A remote attacker could, for example, create specially crafted images that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would result in a memory corruption and, potentially, execution of arbitrary code, a denial of service, or an application crash. (CVE-2015-8896, CVE-2015-8895, CVE-2016-5240, CVE-2015-8897, CVE-2015-8898)
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/06/17, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : ImageMagick-6.7.8.9-10.el7
Should be : ImageMagick-6.7.8.9-15.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
91802 - RHEL 6 / 7 : libxml2 (RHSA-2016:1292)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for libxml2 is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es) :
A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2016-1834, CVE-2016-1840)
Multiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.6 (CVSS:3.0/E:U/RL:X/RC:R)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:U/RL:ND/RC:UR)
References
Plugin Information:
Publication date: 2016/06/24, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libxml2-2.9.1-6.el7_2.2
Should be : libxml2-2.9.1-6.el7_2.3
Remote package installed : libxml2-python-2.9.1-6.el7_2.2
Should be : libxml2-python-2.9.1-6.el7_2.3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94537 - RHEL 7 : kernel (RHSA-2016:2574)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es) :
* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)
* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)
Red Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-514.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-514.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-514.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-514.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-514.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94549 - RHEL 7 : python (RHSA-2016:2586)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for python is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es) :
* A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636)
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : python-2.7.5-34.el7
Should be : python-2.7.5-48.el7
Remote package installed : python-libs-2.7.5-34.el7
Should be : python-libs-2.7.5-48.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94558 - RHEL 7 : mariadb (RHSA-2016:2595)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a newer upstream version: mariadb (5.5.52). (BZ#1304516, BZ#1377974)
Security Fix(es) :
* It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)
* A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663)
* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283)
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:F/RL:U/RC:X)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
9.5 (CVSS2#E:F/RL:U/RC:ND)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : mariadb-libs-5.5.44-1.el7_1
Should be : mariadb-libs-5.5.52-1.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
96593 - RHEL 7 : kernel (RHSA-2017:0086)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2857831.
Security Fix(es) :
* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important)
* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)
* A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. (CVE-2016-9555, Moderate)
Bug Fix(es) :
* Previously, the performance of Internet Protocol over InfiniBand (IPoIB) was suboptimal due to a conflict of IPoIB with the Generic Receive Offload (GRO) infrastructure. With this update, the data cached by the IPoIB driver has been moved from a control block into the IPoIB hard header, thus avoiding the GRO problem and the corruption of IPoIB address information. As a result, the performance of IPoIB has been improved. (BZ#1390668)
* Previously, when a virtual machine (VM) with PCI-Passthrough interfaces was recreated, a race condition between the eventfd daemon and the virqfd daemon occurred. Consequently, the operating system rebooted. This update fixes the race condition. As a result, the operating system no longer reboots in the described situation. (BZ#1391611)
* Previously, a packet loss occurred when the team driver in round-robin mode was sending a large number of packets. This update fixes counting of the packets in the round-robin runner of the team driver, and the packet loss no longer occurs in the described situation. (BZ#1392023)
* Previously, the virtual network devices contained in the deleted namespace could be deleted in any order. If the loopback device was not deleted as the last item, other netns devices, such as vxlan devices, could end up with dangling references to the loopback device. Consequently, deleting a network namespace (netns) occasionally ended by a kernel oops. With this update, the underlying source code has been fixed to ensure the correct order when deleting the virtual network devices on netns deletion. As a result, the kernel oops no longer occurs under the described circumstances. (BZ#1392024)
* Previously, a Kabylake system with a Sunrise Point Platform Controller Hub (PCH) with a PCI device ID of 0xA149 showed the following warning messages during the boot : 'Unknown Intel PCH (0xa149) detected.' 'Warning: Intel Kabylake processor with unknown PCH - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware.' The messages were shown because this PCH was not properly recognized. With this update, the problem has been fixed, and the operating system now boots without displaying the warning messages. (BZ#1392033)
* Previously, the operating system occasionally became unresponsive after a long run. This was caused by a race condition between the try_to_wake_up() function and a woken up task in the core scheduler. With this update, the race condition has been fixed, and the operating system no longer locks up in the described scenario. (BZ#1393719)
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2017/01/18, Modification date: 2017/01/23
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-514.6.1.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-514.6.1.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-514.6.1.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-514.6.1.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-514.6.1.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90180 - RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0512)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs.
Security Fix(es) :
* An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.4 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/03/25, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2
Remote package installed : java-1.7.0-openjdk-headless-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-headless-1.7.0.99-2.6.5.0.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90181 - RHEL 7 : java-1.8.0-openjdk (RHSA-2016:0513)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8.
Security Fix(es) :
* An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.4 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/03/25, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : java-1.8.0-openjdk-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2
Remote package installed : java-1.8.0-openjdk-headless-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90300 - RHEL 7 : mariadb (RHSA-2016:0534)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a newer upstream version: MariaDB (5.5.47). Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.
Security Fix(es) :
* It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. (CVE-2016-2047)
* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616)
Bug Fix(es) :
* When more than one INSERT operation was executed concurrently on a non-empty InnoDB table with an AUTO_INCREMENT column defined as a primary key immediately after starting MariaDB, a race condition could occur. As a consequence, one of the concurrent INSERT operations failed with a 'Duplicate key' error message. A patch has been applied to prevent the race condition. Now, each row inserted as a result of the concurrent INSERT operations receives a unique primary key, and the operations no longer fail in this scenario. (BZ#1303946)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
5.2 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/04/01, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : mariadb-libs-5.5.44-1.el7_1
Should be : mariadb-libs-5.5.47-1.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90387 - RHEL 7 : graphite2 (RHSA-2016:0594)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for graphite2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create 'smart fonts' capable of displaying writing systems with various complex behaviors. With respect to the Text Encoding Model, Graphite handles the 'Rendering' aspect of writing system implementation.
The following packages have been upgraded to a newer upstream version: graphite2 (1.3.6).
Security Fix(es) :
* Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application. (CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526)
See Also
Solution
Update the affected graphite2, graphite2-debuginfo and / or graphite2-devel packages.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.4 (CVSS:3.0/E:U/RL:U/RC:U)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.1 (CVSS2#E:U/RL:U/RC:UC)
References
Plugin Information:
Publication date: 2016/04/07, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : graphite2-1.2.2-5.el7
Should be : graphite2-1.3.6-1.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90749 - RHEL 7 : nss, nspr, nss-softokn, and nss-util (RHSA-2016:0685)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.
The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). (BZ#1310581, BZ#1303021, BZ#1299872)
Security Fix(es) :
* A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978)
* A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
Bug Fix(es) :
* The nss-softokn package has been updated to be compatible with NSS 3.21. (BZ#1326221)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/04/27, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : nspr-4.10.8-2.el7_1
Should be : nspr-4.11.0-1.el7_2
Remote package installed : nss-3.19.1-19.el7_2
Should be : nss-3.21.0-9.el7_2
Remote package installed : nss-softokn-3.16.2.3-13.el7_1
Should be : nss-softokn-3.16.2.3-14.2.el7_2
Remote package installed : nss-softokn-freebl-3.16.2.3-13.el7_1
Should be : nss-softokn-freebl-3.16.2.3-14.2.el7_2
Remote package installed : nss-sysinit-3.19.1-19.el7_2
Should be : nss-sysinit-3.21.0-9.el7_2
Remote package installed : nss-tools-3.19.1-19.el7_2
Should be : nss-tools-3.21.0-9.el7_2
Remote package installed : nss-util-3.19.1-4.el7_1
Should be : nss-util-3.21.0-2.2.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
91078 - RHEL 7 : pcre (RHSA-2016:1025)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for pcre is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
PCRE is a Perl-compatible regular expression library.
Security Fix(es) :
* Multiple flaws were found in the way PCRE handled malformed regular expressions. An attacker able to make an application using PCRE process a specially crafted regular expression could use these flaws to cause the application to crash or, possibly, execute arbitrary code. (CVE-2015-8385, CVE-2016-3191, CVE-2015-2328, CVE-2015-3217, CVE-2015-5073, CVE-2015-8388, CVE-2015-8391, CVE-2015-8386)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/05/12, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : pcre-8.32-14.el7
Should be : pcre-8.32-15.el7_2.1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
91114 - RHEL 7 : kernel (RHSA-2016:1033)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es) :
* A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system. (CVE-2016-0758, Important)
Red Hat would like to thank Philip Pettersson of Samsung for reporting this issue.
Bug Fix(es) :
* Under certain conditions, the migration threads could race with the CPU hotplug, which could cause a deadlock. A set of patches has been provided to fix this bug, and the deadlock no longer occurs in the system. (BZ#1299338)
* A bug in the code that cleans up revoked delegations could previously cause a soft lockup in the NFS server. This patch fixes the underlying source code, so the lockup no longer occurs. (BZ#1311582)
* The second attempt to reload Common Application Programming Interface (CAPI) devices on the little-endian variant of IBM Power Systems previously failed. The provided set of patches fixes this bug, and reloading works as intended. (BZ#1312396)
* Due to inconsistencies in page size of IOMMU, the NVMe device, and the kernel, the BUG_ON signal previously occurred in the nvme_setup_prps() function, leading to the system crash while setting up the DMA transfer. The provided patch sets the default NVMe page size to 4k, thus preventing the system crash. (BZ#1312399)
* Previously, on a system using the Infiniband mlx5 driver used for the SRP stack, a hard lockup occurred after the kernel exceeded time with lock held with interrupts blocked. As a consequence, the system panicked. This update fixes this bug, and the system no longer panics in this situation. (BZ#1313814)
* On the little-endian variant of IBM Power Systems, the kernel previously crashed in the bitmap_weight() function while running the memory affinity script. The provided patch fortifies the topology setup and prevents sd->child from being set to NULL when it is already NULL. As a result, the memory affinity script runs successfully. (BZ#1316158)
* When a KVM guest wrote random values to the special-purpose registers (SPR) Instruction Authority Mask Register (IAMR), the guest and the corresponding QEMU process previously hung. This update adds the code which sets SPRs to a suitable neutral value on guest exit, thus fixing this bug. (BZ#1316636)
* Under heavy iSCSI traffic load, the system previously panicked due to a race in the locking code leading to a list corruption. This update fixes this bug, and the system no longer panics in this situation. (BZ#1316812)
* During SCSI exception handling (triggered by some irregularities), the driver could previously use an already retired SCSI command. As a consequence, a kernel panic or data corruption occurred. The provided patches fix this bug, and exception handling now proceeds successfully. (BZ#1316820)
* When the previously opened /dev/tty, which pointed to a pseudo terminal (pty) pair, was the last file closed, a kernel crash could previously occur. The underlying source code has been fixed, preventing this bug. (BZ#1320297)
* Previously, when using VPLEX and FCoE via the bnx2fc driver, different degrees of data corruption occurred. The provided patch fixes the FCP Response (RSP) residual parsing in bnx2fc, which prevents the aforementioned corruption. (BZ#1322279)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/05/13, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-327.18.2.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-327.18.2.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-327.18.2.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-327.18.2.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-327.18.2.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
91801 - RHEL 7 : kernel (RHSA-2016:1277)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2361921.
Security Fixes :
* A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system. (CVE-2016-4565, Important)
* A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept() during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a denial of service. (CVE-2015-8767, Moderate)
Red Hat would like to thank Jann Horn for reporting CVE-2016-4565.
Bug Fixes :
* When Small Computer System Interface (SCSI) devices were removed or deleted, a system crash could occur due to a race condition between listing all SCSI devices and SCSI device removal. The provided patch ensures that the starting node for the klist_iter_init_node() function is actually a member of the list before using it. As a result, a system crash no longer occurs in the described scenario. (BZ#1333403)
* This update offers a reworked series of patches for the resizable hash table (rhashtable) including a number of backported bug fixes and enhancements from upstream. (BZ#1328801)
* Previously, the same value of the mperf Model-Specific Register (MSR) read twice in a row could lead to a kernel panic due to the divide-by-zero error. The provided patch fixes this bug, and the kernel now handles two identical values of mperf gracefully. (BZ#1334438)
* When a transparent proxy application was running and the number of established connections on the computer exceeded one million, unrelated processes, such as curl or ssh, were unable to bind to a local IP on the box to initiate a connection. The provided patch fixes the cooperation of the REUSEADDR/NOREUSEADDR socket option, and thus prevents the local port from being exhausted. As a result, the aforementioned bug no longer occurs in the described scenario. (BZ#1323960)
* Previously, the kernel support for non-local bind for the IPv6 protocol was incomplete. As a consequence, an attempt to bind a socket to an IPv6 address that is not assigned to the host could fail. The provided patch includes changes in the ip_nonlocal_bind variable, which is now set to allow binding to an IPv6 address that is not assigned to the host. As a result, Linux servers are now able to bind to non-local IPv6 addresses as expected. (BZ#1324502)
* On some servers with a faster CPU, USB initialization could previously lead to a kernel hang during boot. If this inconvenience occurred when booting the second kernel during the kdump operation, the kdump service failed and the vmcore was lost. The provided upstream patch fixes this bug, and the kernel no longer hangs after USB initialization. (BZ#1327581)
* Previously, when running iperf servers using the mlx4_en module, a kernel panic occurred. The underlying source code has been fixed, and the kernel panic no longer occurs in the described scenario. (BZ#1327583)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/06/24, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-327.22.2.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-327.22.2.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-327.22.2.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-327.22.2.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-327.22.2.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

92490 - RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2016:1458)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es) :
* Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610)
* Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508)
* Multiple flaws were found in the CORBA and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/07/21, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : java-1.8.0-openjdk-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-1.8.0.101-3.b13.el7_2
Remote package installed : java-1.8.0-openjdk-headless-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el7_2

NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

92604 - RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2016:1504)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es) :
* Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3598, CVE-2016-3610)
* Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508)
* Multiple flaws were found in the CORBA and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/07/28, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2
Remote package installed : java-1.7.0-openjdk-headless-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-headless-1.7.0.111-2.6.7.2.el7_2

NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

92694 - RHEL 7 : kernel (RHSA-2016:1539)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2460971.

Security Fix(es) :
* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow an attacker to use a use-after-free style attack. (CVE-2016-4470, Important)
* The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. (CVE-2015-8660, Moderate)
* It was reported that on s390x, the fork of a process with four page table levels will cause memory corruption with a variety of symptoms. All processes are created with three level page table and a limit of 4TB for the address space. If the parent process has four page table levels with a limit of 8PB, the function that duplicates the address space will try to copy memory areas outside of the address space limit for the child process. (CVE-2016-2143, Moderate)

Red Hat would like to thank Nathan Williams for reporting CVE-2015-8660. The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).

Bug Fix(es) :
* The glibc headers and the Linux headers share certain definitions of key structures that are required to be defined in kernel and in userspace. In some instances both userspace and sanitized kernel headers have to be included in order to get the structure definitions required by the user program. Unfortunately, because the glibc and Linux headers don't coordinate, this can result in compilation errors. The glibc headers have therefore been fixed to coordinate with Linux UAPI-based headers. With the header coordination, compilation errors no longer occur. (BZ#1331285)
* When running the TCP/IPv6 traffic over the mlx4_en networking interface on the big endian architectures, call traces reporting about a 'hw csum failure' could occur. With this update, the mlx4_en driver has been fixed by correction of the checksum calculation for the big endian architectures. As a result, the call trace error no longer appears in the log messages. (BZ#1337431)
* Under significant load, some applications such as logshifter could generate bursts of log messages too large for the system logger to spool. Due to a race condition, log messages from that application could then be lost even after the log volume dropped to manageable levels. This update fixes the kernel mechanism used to notify the transmitter end of the socket used by the system logger that more space is available on the receiver side, removing a race condition which previously caused the sender to stop transmitting new messages and allowing all log messages to be processed correctly. (BZ#1337513)
* Previously, after heavy open or close of the Accelerator Function Unit (AFU) contexts, the interrupt packet went out and the AFU context did not see any interrupts. Consequently, a kernel panic could occur. The provided patch set fixes handling of the interrupt requests, and kernel panic no longer occurs in the described situation. (BZ#1338886)
* net: recvfrom would fail on short buffer. (BZ#1339115)
* Backport rhashtable changes from upstream. (BZ#1343639)
* Server Crashing after starting Glusterd & creating volumes. (BZ#1344234)
* RAID5 reshape deadlock fix. (BZ#1344313)
* BDX perf uncore support fix. (BZ#1347374)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
References
Exploitable with
CANVAS (true)
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2016/08/03, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-327.28.2.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-327.28.2.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-327.28.2.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-327.28.2.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-327.28.2.el7

NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

92696 - RHEL 7 : libtiff (RHSA-2016:1546)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for libtiff is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.8 (CVSS:3.0/E:U/RL:O/RC:U)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:UC)
References
Plugin Information:
Publication date: 2016/08/03, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libtiff-4.0.3-14.el7
Should be : libtiff-4.0.3-25.el7_2

NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

93555 - RHEL 7 : kernel (RHSA-2016:1847)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es) :
* A security flaw was found in the Linux kernel in the mark_source_chains() function in 'net/ipv4/netfilter/ip_tables.c'. It is possible for a user-supplied 'ipt_entry' structure to have a large 'next_offset' field. This field is not bounds checked prior to writing to a counter value at the supplied offset. (CVE-2016-3134, Important)
* A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges. (CVE-2016-4997, Important)
* An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments. (CVE-2016-4998, Moderate)

Bug Fix(es) :
* In some cases, running the ipmitool command caused a kernel panic due to a race condition in the ipmi message handler. This update fixes the race condition, and the kernel panic no longer occurs in the described scenario. (BZ#1353947)
* Previously, running I/O-intensive operations in some cases caused the system to terminate unexpectedly after a NULL pointer dereference in the kernel. With this update, a set of patches has been applied to the 3w-9xxx and 3w-sas drivers that fix this bug. As a result, the system no longer crashes in the described scenario. (BZ#1362040)
* Previously, the Stream Control Transmission Protocol (SCTP) sockets did not inherit the SELinux labels properly. As a consequence, the sockets were labeled with the unlabeled_t SELinux type which caused SCTP connections to fail. The underlying source code has been modified, and SCTP connections now work as expected. (BZ#1354302)
* Previously, the bnx2x driver waited for transmission completions when recovering from a parity event, which substantially increased the recovery time. With this update, bnx2x does not wait for transmission completion in the described circumstances. As a result, the recovery of bnx2x after a parity event now takes less time. (BZ#1351972)

Enhancement(s) :
* With this update, the audit subsystem enables filtering of processes by name besides filtering by PID. Users can now audit by executable name (with the '-F exe=<path-to-executable>' option), which allows expression of many new audit rules. This functionality can be used to create events when specific applications perform a syscall. (BZ#1345774)
* With this update, the Nonvolatile Memory Express (NVMe) and the multi-queue block layer (blk_mq) have been upgraded to the Linux 4.5 upstream version. Previously, a race condition between timeout and freeing request in blk_mq occurred, which could affect the blk_mq_tag_to_rq() function and consequently a kernel oops could occur. The provided patch fixes this race condition by updating the tags with the active request. The patch simplifies blk_mq_tag_to_rq() and ensures that the two requests are not active at the same time. (BZ#1350352)
* The Hyper-V storage driver (storvsc) has been upgraded from upstream. This update provides moderate performance improvement of I/O operations when using storvsc for certain workloads. (BZ#1360161)

Additional Changes :
Space precludes documenting all of the bug fixes and enhancements included in this advisory. To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/articles/2592321
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:U/RC:X)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.5 (CVSS2#E:POC/RL:U/RC:ND)
References
Exploitable with
Metasploit (true)
Plugin Information:
Publication date: 2016/09/16, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-327.36.1.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-327.36.1.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-327.36.1.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-327.36.1.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-327.36.1.el7

NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

93763 - RHEL 6 / 7 : openssl (RHSA-2016:1940)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es) :
* A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)
* It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. (CVE-2016-2178)
* It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. (CVE-2016-2179)
* A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)
* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code. (CVE-2016-2182)
* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.

* An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets. (CVE-2016-6302)
* Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)
* An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. (CVE-2016-2180)
* Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304 and CVE-2016-6306; and Karthikeyan Bhargavan (Inria) and Gaetan Leurent (Inria) as the original reporters of CVE-2016-2183.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.0 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.4 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/09/28, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : openssl-1.0.1e-51.el7_2.4
Should be : openssl-1.0.1e-51.el7_2.7
Remote package installed : openssl-libs-1.0.1e-51.el7_2.4
Should be : openssl-libs-1.0.1e-51.el7_2.7

NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

93784 - RHEL 5 / 6 / 7 : bind (RHSA-2016:1944)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for bind is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es) :
* A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2016-2776)

Red Hat would like to thank ISC for reporting this issue.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.9 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.4 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
| CVE | CVE-2016-2776 |
| XREF | OSVDB:144854 |
| XREF | RHSA:2016:1944 |
| XREF | IAVA:2017-A-0004 |
Plugin Information:
Publication date: 2016/09/28, Modification date: 2017/01/16
Ports
tcp/0
Remote package installed : bind-libs-9.9.4-29.el7_2.2
Should be : bind-libs-9.9.4-29.el7_2.4
Remote package installed : bind-libs-lite-9.9.4-29.el7_2.2
Should be : bind-libs-lite-9.9.4-29.el7_2.4
Remote package installed : bind-license-9.9.4-29.el7_2.2
Should be : bind-license-9.9.4-29.el7_2.4
Remote package installed : bind-utils-9.9.4-29.el7_2.2
Should be : bind-utils-9.9.4-29.el7_2.4

NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

93952 - RHEL 7 : kernel (RHSA-2016:2047)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es) :
* Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path as an unlimited recursion could unfold in both VLAN and TEB modules leading to a stack corruption in the kernel. (CVE-2016-7039, Important)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.3 (CVSS:3.0/E:U/RL:O/RC:R)
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:UR)
References
Plugin Information:
Publication date: 2016/10/11, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-327.36.2.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-327.36.2.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-327.36.2.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-327.36.2.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-327.36.2.el7

NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94150 - RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2016:2079)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es) :
* It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. (CVE-2016-5582)
* It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP requests to the JDWP port of the debugged application. (CVE-2016-5573)
* It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm. (CVE-2016-5542)

Note: After this update, MD2 hash algorithm and RSA keys with less than 1024 bits are no longer allowed to be used for Jar integrity verification by default. MD5 hash algorithm is expected to be disabled by default in the future updates. A newly introduced security property jdk.jar.disabledAlgorithms can be used to control the set of disabled algorithms.

* A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554)
* A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication. (CVE-2016-5597)

Note: After this update, Basic HTTP proxy authentication can no longer be used when tunneling HTTPS connection through an HTTP proxy. Newly introduced system properties jdk.http.auth.proxying.disabledSchemes and jdk.http.auth.tunneling.disabledSchemes can be used to control which authentication schemes can be requested by an HTTP proxy when proxying HTTP and HTTPS connections respectively.

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.6 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/10/20, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : java-1.8.0-openjdk-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2
Remote package installed : java-1.8.0-openjdk-headless-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2

NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94230 - RHEL 7 : kernel (RHSA-2016:2098) (Dirty COW)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es) :
* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

Red Hat would like to thank Phil Oester for reporting this issue.
See Also
Solution
Update the affected packages.Risk Factor
HighCVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:X)CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)STIG Severity
IReferences
| CVE |
CVE-2016-5195
|
| XREF |
OSVDB:146061 |
| XREF |
RHSA:2016:2098 |
| XREF |
IAVA:2016-A-0306 |
Exploitable with
CANVAS (true)Core Impact (true)Plugin Information:
Publication date: 2016/10/24, Modification date: 2017/01/16Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7 Should be : kernel-3.10.0-327.36.3.el7 Remote package installed : kernel-devel-3.10.0-327.10.1.el7 Should be : kernel-devel-3.10.0-327.36.3.el7 Remote package installed : kernel-headers-3.10.0-327.10.1.el7 Should be : kernel-headers-3.10.0-327.36.3.el7 Remote package installed : kernel-tools-3.10.0-327.10.1.el7 Should be : kernel-tools-3.10.0-327.36.3.el7 Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7 Should be : kernel-tools-libs-3.10.0-327.36.3.el7 NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94545 - RHEL 7 : nettle (RHSA-2016:2582)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for nettle is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Security Fix(es) : * Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle's functionality. (CVE-2015-8803, CVE-2015-8804, CVE-2015-8805) * It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. (CVE-2016-6489) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected nettle, nettle-debuginfo and / or nettle-devel packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.9 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : nettle-2.7.1-4.el7
Should be : nettle-2.7.1-8.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94551 - RHEL 7 : openssh (RHSA-2016:2588)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es) : * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root. (CVE-2015-8325) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : openssh-6.6.1p1-23.el7_2
Should be : openssh-6.6.1p1-31.el7
Remote package installed : openssh-clients-6.6.1p1-23.el7_2
Should be : openssh-clients-6.6.1p1-31.el7
Remote package installed : openssh-server-6.6.1p1-23.el7_2
Should be : openssh-server-6.6.1p1-31.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94553 - RHEL 7 : dhcp (RHSA-2016:2590)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for dhcp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A resource-consumption flaw was discovered in the DHCP server. dhcpd did not restrict the number of open connections to OMAPI and failover ports. A remote attacker able to establish TCP connections to one of these ports could use this flaw to cause dhcpd to exit unexpectedly, stop responding requests, or exhaust system sockets (denial of service). (CVE-2016-2774) Red Hat would like to thank ISC for reporting this issue. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
5.5 (CVSS:3.0/E:F/RL:T/RC:X)
CVSS Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.1 (CVSS2#E:F/RL:TF/RC:ND)
STIG Severity
I
References
CVE: CVE-2016-2774
XREF: OSVDB:135495
XREF: RHSA:2016:2590
XREF: IAVB:2016-B-0044
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/11
Ports
tcp/0
Remote package installed : dhclient-4.2.5-36.el7
Should be : dhclient-4.2.5-47.el7
Remote package installed : dhcp-common-4.2.5-36.el7
Should be : dhcp-common-4.2.5-47.el7
Remote package installed : dhcp-libs-4.2.5-36.el7
Should be : dhcp-libs-4.2.5-47.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94623 - RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2016:2658)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. (CVE-2016-5582) * It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP requests to the JDWP port of the debugged application. (CVE-2016-5573) * It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm. (CVE-2016-5542) Note: After this update, MD2 hash algorithm and RSA keys with less than 1024 bits are no longer allowed to be used for Jar integrity verification by default. MD5 hash algorithm is expected to be disabled by default in the future updates. A newly introduced security property jdk.jar.disabledAlgorithms can be used to control the set of disabled algorithms. * A flaw was found in the way the JMX component of OpenJDK handled classloaders. 
An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554) * A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication. (CVE-2016-5597) Note: After this update, Basic HTTP proxy authentication can no longer be used when tunneling HTTPS connection through an HTTP proxy. Newly introduced system properties jdk.http.auth.proxying.disabledSchemes and jdk.http.auth.tunneling.disabledSchemes can be used to control which authentication schemes can be requested by an HTTP proxy when proxying HTTP and HTTPS connections respectively.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.6 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-1.7.0.121-2.6.8.0.el7_3
Remote package installed : java-1.7.0-openjdk-headless-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-headless-1.7.0.121-2.6.8.0.el7_3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94896 - RHEL 6 / 7 : policycoreutils (RHSA-2016:2702)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for policycoreutils is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix(es) : * It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.4 (CVSS:3.0/E:U/RL:U/RC:U)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.5 (CVSS2#E:U/RL:U/RC:UC)
References
Plugin Information:
Publication date: 2016/11/15, Modification date: 2017/01/23
Ports
tcp/0
Remote package installed : policycoreutils-2.2.5-15.el7
Should be : policycoreutils-2.5-9.el7
Remote package installed : policycoreutils-python-2.2.5-15.el7
Should be : policycoreutils-python-2.5-9.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94912 - RHEL 5 / 6 / 7 : nss and nss-util (RHSA-2016:2779)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer upstream version: nss (3.12.3), nss-util (3.12.3). Security Fix(es) : * Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834) * A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285) * It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635) Red Hat would like to thank the Mozilla project for reporting CVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the original reporter of CVE-2016-2834.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/16, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : nss-3.19.1-19.el7_2
Should be : nss-3.21.3-2.el7_3
Remote package installed : nss-sysinit-3.19.1-19.el7_2
Should be : nss-sysinit-3.21.3-2.el7_3
Remote package installed : nss-tools-3.19.1-19.el7_2
Should be : nss-tools-3.21.3-2.el7_3
Remote package installed : nss-util-3.19.1-4.el7_1
Should be : nss-util-3.21.3-1.1.el7_3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

95381 - RHEL 6 / 7 : expat (RHSA-2016:2824)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for expat is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Expat is a C library for parsing XML documents. Security Fix(es) : * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-0718) Red Hat would like to thank Gustavo Grieco for reporting this issue.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/11/29, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : expat-2.1.0-8.el7
Should be : expat-2.1.0-10.el7_3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

96948 - RHEL 6 / 7 : libtiff (RHSA-2017:0225)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for libtiff is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es) : * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535) * Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540, CVE-2016-9537, CVE-2016-9536)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Publication date: 2017/02/02, Modification date: 2017/02/02
Ports
tcp/0
Remote package installed : libtiff-4.0.3-14.el7
Should be : libtiff-4.0.3-27.el7_3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

97011 - RHEL 6 / 7 : ntp (RHSA-2017:0252)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix(es) : * It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426) * A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. (CVE-2016-9310) * A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a NULL pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311) * A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source. (CVE-2016-7429) * A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially crafted spoofed packet to cause denial of service or in some special cases even crash. (CVE-2016-7433)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
CVSS v3.0 Temporal Score
6.0 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
5.9 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
Plugin Information:
Publication date: 2017/02/06, Modification date: 2017/03/31
Ports
tcp/0
Remote package installed : ntpdate-4.2.6p5-22.el7_2.1
Should be : ntpdate-4.2.6p5-25.el7_3.1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

97349 - RHEL 7 : kernel (RHSA-2017:0294)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2017/02/23, Modification date: 2017/03/07
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-514.6.2.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-514.6.2.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-514.6.2.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-514.6.2.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-514.6.2.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

97509 - RHEL 7 : kernel (RHSA-2017:0386)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a NULL pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630, Important) * A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2016-8655, Important) * A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution. (CVE-2016-9083, Important) * The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine. (CVE-2016-9084, Moderate) Red Hat would like to thank Philip Pettersson for reporting CVE-2016-8655. Additional Changes : Space precludes documenting all of the bug fixes and enhancements included in this advisory. 
To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/articles/2940041 .
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.4 (CVSS:3.0/E:P/RL:X/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.5 (CVSS2#E:POC/RL:ND/RC:C)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2017/03/03, Modification date: 2017/03/07
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-514.10.2.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-514.10.2.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-514.10.2.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-514.10.2.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-514.10.2.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

97769 - RHEL 7 : policycoreutils (RHSA-2017:0536)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for policycoreutils is now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix(es) : * It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.4 (CVSS:3.0/E:U/RL:U/RC:U)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.5 (CVSS2#E:U/RL:U/RC:UC)
References
Plugin Information:
Publication date: 2017/03/16, Modification date: 2017/03/28
Ports
tcp/0
Remote package installed : policycoreutils-2.2.5-15.el7
Should be : policycoreutils-2.2.5-16.el7_1
Remote package installed : policycoreutils-python-2.2.5-15.el7
Should be : policycoreutils-python-2.2.5-16.el7_1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

89771 - RHEL 6 / 7 : nss-util (RHSA-2016:0370)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
Updated nss-util packages that fix one security issue are now available for Red Hat Enterprise 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2016-1950) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter. All nss-util users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the nss and nss-util library must be restarted, or the system rebooted.
See Also
Solution
Update the affected nss-util, nss-util-debuginfo and / or nss-util-devel packages.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/03/09, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : nss-util-3.19.1-4.el7_1
Should be : nss-util-3.19.1-9.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
89820 - RHEL 6 / 7 : libssh2 (RHSA-2016:0428)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
Updated libssh2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The libssh2 packages provide a library that implements the SSHv2 protocol.
A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. (CVE-2016-0787)
Red Hat would like to thank Aris Adamantiadis for reporting this issue.
All libssh2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing these updated packages, all running applications using libssh2 must be restarted for this update to take effect.
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.2 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information:
Publication date: 2016/03/10, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libssh2-1.4.3-10.el7
Should be : libssh2-1.4.3-10.el7_2.1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
89954 - RHEL 6 / 7 : samba (RHSA-2016:0448)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.
A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. (CVE-2015-7560)
Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jeremy Allison (Google) and the Samba team as the original reporters.
All samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N)
CVSS Temporal Score
3.0 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information:
Publication date: 2016/03/16, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libsmbclient-4.2.3-11.el7_2
Should be : libsmbclient-4.2.3-12.el7_2
Remote package installed : libwbclient-4.2.3-11.el7_2
Should be : libwbclient-4.2.3-12.el7_2
Remote package installed : samba-client-libs-4.2.3-11.el7_2
Should be : samba-client-libs-4.2.3-12.el7_2
Remote package installed : samba-common-4.2.3-11.el7_2
Should be : samba-common-4.2.3-12.el7_2
Remote package installed : samba-common-libs-4.2.3-11.el7_2
Should be : samba-common-libs-4.2.3-12.el7_2
Remote package installed : samba-common-tools-4.2.3-11.el7_2
Should be : samba-common-tools-4.2.3-12.el7_2
Remote package installed : samba-libs-4.2.3-11.el7_2
Should be : samba-libs-4.2.3-12.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
89985 - RHEL 5 / 6 / 7 : bind (RHSA-2016:0459)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash. (CVE-2016-1286)
A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash. (CVE-2016-1285)
Red Hat would like to thank ISC for reporting these issues.
All bind users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information:
Publication date: 2016/03/17, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : bind-libs-9.9.4-29.el7_2.2
Should be : bind-libs-9.9.4-29.el7_2.3
Remote package installed : bind-libs-lite-9.9.4-29.el7_2.2
Should be : bind-libs-lite-9.9.4-29.el7_2.3
Remote package installed : bind-license-9.9.4-29.el7_2.2
Should be : bind-license-9.9.4-29.el7_2.3
Remote package installed : bind-utils-9.9.4-29.el7_2.2
Should be : bind-utils-9.9.4-29.el7_2.3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90078 - RHEL 7 : openssh (RHSA-2016:0465)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
Updated openssh packages that fix two security issues are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.
It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. (CVE-2016-3115)
An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2016-1908)
All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
6.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
CVSS v3.0 Temporal Score
5.9 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
5.5 (CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N)
CVSS Temporal Score
4.5 (CVSS2#E:F/RL:OF/RC:ND)
Plugin Information:
Publication date: 2016/03/22, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : openssh-6.6.1p1-23.el7_2
Should be : openssh-6.6.1p1-25.el7_2
Remote package installed : openssh-clients-6.6.1p1-23.el7_2
Should be : openssh-clients-6.6.1p1-25.el7_2
Remote package installed : openssh-server-6.6.1p1-23.el7_2
Should be : openssh-server-6.6.1p1-25.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90140 - RHEL 6 / 7 : nss-util (RHSA-2016:0495)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
Updated nss-util packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 and 7.1 Extended Update Support.
Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module.
A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2016-1950)
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter.
All nss-util users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the nss and nss-util libraries must be restarted, or the system rebooted.
Solution
Update the affected nss-util, nss-util-debuginfo and / or nss-util-devel packages.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information:
Publication date: 2016/03/24, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : nss-util-3.19.1-4.el7_1
Should be : nss-util-3.19.1-5.el7_1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90299 - RHEL 7 : krb5 (RHSA-2016:0532)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for krb5 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).
Security Fix(es) :
* A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631)
* An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629)
* A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash. (CVE-2015-8630)
The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat.
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information:
Publication date: 2016/04/01, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : krb5-libs-1.13.2-10.el7
Should be : krb5-libs-1.13.2-12.el7_2
Remote package installed : krb5-workstation-1.13.2-10.el7
Should be : krb5-workstation-1.13.2-12.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90492 - RHEL 6 / 7 : samba and samba4 (RHSA-2016:0612) (Badlock)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for samba4 and samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7, respectively.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.
The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes.
Security Fix(es) :
* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)
Note: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.
* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)
* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)
* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)
* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)
* It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113)
* It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114)
* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)
Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.9 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:ND)
Plugin Information:
Publication date: 2016/04/13, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libldb-1.1.20-1.el7_2.2
Should be : libldb-1.1.25-1.el7_2
Remote package installed : libsmbclient-4.2.3-11.el7_2
Should be : libsmbclient-4.2.10-6.el7_2
Remote package installed : libtalloc-2.1.2-1.el7
Should be : libtalloc-2.1.5-1.el7_2
Remote package installed : libtdb-1.3.6-2.el7
Should be : libtdb-1.3.8-1.el7_2
Remote package installed : libtevent-0.9.25-1.el7
Should be : libtevent-0.9.26-1.el7_2
Remote package installed : libwbclient-4.2.3-11.el7_2
Should be : libwbclient-4.2.10-6.el7_2
Remote package installed : pytalloc-2.1.2-1.el7
Should be : pytalloc-2.1.5-1.el7_2
Remote package installed : samba-client-libs-4.2.3-11.el7_2
Should be : samba-client-libs-4.2.10-6.el7_2
Remote package installed : samba-common-4.2.3-11.el7_2
Should be : samba-common-4.2.10-6.el7_2
Remote package installed : samba-common-libs-4.2.3-11.el7_2
Should be : samba-common-libs-4.2.10-6.el7_2
Remote package installed : samba-common-tools-4.2.3-11.el7_2
Should be : samba-common-tools-4.2.10-6.el7_2
Remote package installed : samba-libs-4.2.3-11.el7_2
Should be : samba-libs-4.2.10-6.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90495 - RHEL 7 : samba (RHSA-2016:0618) (Badlock)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for samba is now available for Red Hat Enterprise Linux 7.1 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.
The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes.
Security Fix(es) :
* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)
Note: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.
* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)
* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)
* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)
* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)
* It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113)
* It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114)
* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)
Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.9 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:ND)
Plugin Information:
Publication date: 2016/04/13, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libldb-1.1.20-1.el7_2.2
Should be : libldb-1.1.25-1.el7_1
Remote package installed : libsmbclient-4.2.3-11.el7_2
Should be : libsmbclient-4.2.10-5.el7_1
Remote package installed : libtalloc-2.1.2-1.el7
Should be : libtalloc-2.1.5-1.el7_1
Remote package installed : libtdb-1.3.6-2.el7
Should be : libtdb-1.3.8-1.el7_1
Remote package installed : libtevent-0.9.25-1.el7
Should be : libtevent-0.9.26-1.el7_1
Remote package installed : libwbclient-4.2.3-11.el7_2
Should be : libwbclient-4.2.10-5.el7_1
Remote package installed : pytalloc-2.1.2-1.el7
Should be : pytalloc-2.1.5-1.el7_1
Remote package installed : samba-client-libs-4.2.3-11.el7_2
Should be : samba-client-libs-4.2.10-5.el7_1
Remote package installed : samba-common-4.2.3-11.el7_2
Should be : samba-common-4.2.10-5.el7_1
Remote package installed : samba-common-libs-4.2.3-11.el7_2
Should be : samba-common-libs-4.2.10-5.el7_1
Remote package installed : samba-common-tools-4.2.3-11.el7_2
Should be : samba-common-tools-4.2.10-5.el7_1
Remote package installed : samba-libs-4.2.3-11.el7_2
Should be : samba-libs-4.2.10-5.el7_1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
91214 - RHEL 7 : libndp (RHSA-2016:1086)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for libndp is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Libndp is a library (used by NetworkManager) that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages.
Security Fix(es) :
* It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network could use this flaw to advertise a node as a router, allowing them to perform man-in-the-middle attacks on a connecting client, or disrupt the network connectivity of that client. (CVE-2016-3698)
Red Hat would like to thank Julien Bernard (Viagenie) for reporting this issue.
Solution
Update the affected libndp, libndp-debuginfo and / or libndp-devel packages.
Risk Factor
Medium
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.1 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information:
Publication date: 2016/05/18, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libndp-1.2-4.el7
Should be : libndp-1.2-6.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
91420 - RHEL 6 / 7 : ntp (RHSA-2016:1141)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.
Security Fix(es) :
* It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)
* A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time. (CVE-2016-1547)
* It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client. (CVE-2016-1548)
* A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest. (CVE-2016-1550)
* An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash. (CVE-2016-2518)
The CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVSS Temporal Score
4.7 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information:
Publication date: 2016/06/01, Modification date: 2017/02/13
Ports
tcp/0
Remote package installed : ntpdate-4.2.6p5-22.el7_2.1
Should be : ntpdate-4.2.6p5-22.el7_2.2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

92579 - RHEL 7 : samba (RHSA-2016:1486)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.
Security Fix(es) :
* A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server. (CVE-2016-2119)
Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher as the original reporter.
Bug Fix(es) :
* Previously, the 'net' command in some cases failed to join the client to Active Directory (AD) because the permissions setting prevented modification of the supported Kerberos encryption type LDAP attribute. With this update, Samba has been fixed to allow joining an AD domain as a user. In addition, Samba now uses the machine account credentials to set up the Kerberos encryption types within AD for the joined machine. As a result, using 'net' to join a domain now works more reliably. (BZ#1351260)
* Previously, the idmap_hash module worked incorrectly when it was used together with other modules. As a consequence, user and group IDs were not mapped properly. A patch has been applied to skip already configured modules. Now, the hash module can be used as the default idmap configuration back end and IDs are resolved correctly. (BZ#1350759)
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/07/27, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libsmbclient-4.2.3-11.el7_2
Should be : libsmbclient-4.2.10-7.el7_2
Remote package installed : libwbclient-4.2.3-11.el7_2
Should be : libwbclient-4.2.10-7.el7_2
Remote package installed : samba-client-libs-4.2.3-11.el7_2
Should be : samba-client-libs-4.2.10-7.el7_2
Remote package installed : samba-common-4.2.3-11.el7_2
Should be : samba-common-4.2.10-7.el7_2
Remote package installed : samba-common-libs-4.2.3-11.el7_2
Should be : samba-common-libs-4.2.10-7.el7_2
Remote package installed : samba-common-tools-4.2.3-11.el7_2
Should be : samba-common-tools-4.2.10-7.el7_2
Remote package installed : samba-libs-4.2.3-11.el7_2
Should be : samba-libs-4.2.10-7.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

92938 - RHEL 7 : mariadb (RHSA-2016:1602)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a newer upstream version: mariadb (5.5.50).
Security Fix(es) :
* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2016-0640, CVE-2016-0641, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0666, CVE-2016-3452, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444)
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.1 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/08/12, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : mariadb-libs-5.5.44-1.el7_1
Should be : mariadb-libs-5.5.50-1.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

93039 - RHEL 6 / 7 : python (RHSA-2016:1626) (httpoxy)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for python is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es) :
* It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110)
* It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. (CVE-2016-0772)
* It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values. (CVE-2016-5699)
Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-1000110.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/08/19, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : python-2.7.5-34.el7
Should be : python-2.7.5-38.el7_2
Remote package installed : python-libs-2.7.5-34.el7
Should be : python-libs-2.7.5-38.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

93042 - RHEL 7 : kernel (RHSA-2016:1633)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network. (CVE-2016-5696, Important)
Red Hat would like to thank Yue Cao from Cyber Security Group in the CS department of University of California, Riverside, for reporting this issue.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
4.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
CVSS v3.0 Temporal Score
4.4 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score
4.8 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/08/19, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-327.28.3.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-327.28.3.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-327.28.3.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-327.28.3.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-327.28.3.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94536 - RHEL 7 : glibc (RHSA-2016:2573)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
Security Fix(es) :
* A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include 'networks: dns' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution. (CVE-2016-3075)
This issue was discovered by Florian Weimer (Red Hat).
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
3.9 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : glibc-2.17-106.el7_2.4
Should be : glibc-2.17-157.el7
Remote package installed : glibc-common-2.17-106.el7_2.4
Should be : glibc-common-2.17-157.el7
Remote package installed : glibc-devel-2.17-106.el7_2.4
Should be : glibc-devel-2.17-157.el7
Remote package installed : glibc-headers-2.17-106.el7_2.4
Should be : glibc-headers-2.17-157.el7
Remote package installed : nscd-2.17-106.el7_2.4
Should be : nscd-2.17-157.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94538 - RHEL 7 : curl (RHSA-2016:2575)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es) :
* It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. (CVE-2016-5419)
* It was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. (CVE-2016-5420)
* It was found that the libcurl library using the NSS (Network Security Services) library as TLS/SSL backend incorrectly re-used client certificates for subsequent TLS connections in certain cases. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. (CVE-2016-7141)
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
6.9 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : curl-7.29.0-25.el7
Should be : curl-7.29.0-35.el7
Remote package installed : libcurl-7.29.0-25.el7
Should be : libcurl-7.29.0-35.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94546 - RHEL 7 : ntp (RHSA-2016:2583)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for ntp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.
Security Fix(es) :
* It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)
* A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. (CVE-2015-7701)
* An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. A specially crafted NTP packet could potentially cause ntpq to crash. (CVE-2015-7852)
* A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd. (CVE-2015-7977)
* A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd. (CVE-2015-7978)
* It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)
* It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands. (CVE-2015-5194)
* It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) was referenced by the statistics or filegen configuration command. (CVE-2015-5195)
* It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). (CVE-2015-5196, CVE-2015-7703)
* It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet. (CVE-2015-5219)
* A flaw was found in the way NTP verified trusted keys during symmetric key authentication. An authenticated client (A) could use this flaw to modify a packet sent between a server (B) and a client (C) using a key that is different from the one known to the client (A). (CVE-2015-7974)
* A flaw was found in the way the ntpq client processed certain incoming packets in a loop in the getresponse() function. A remote attacker could potentially use this flaw to crash an ntpq client instance. (CVE-2015-8158)
The CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav Lichvar (Red Hat).
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/03/08
Ports
tcp/0
Remote package installed : ntpdate-4.2.6p5-22.el7_2.1
Should be : ntpdate-4.2.6p5-25.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94550 - RHEL 7 : wget (RHSA-2016:2587)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for wget is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.
Security Fix(es) :
* It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. (CVE-2016-4971)
Red Hat would like to thank GNU wget project for reporting this issue. Upstream acknowledges Dawid Golunski as the original reporter.
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected wget and / or wget-debuginfo packages.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : wget-1.14-10.el7_0.1
Should be : wget-1.14-13.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94554 - RHEL 7 : krb5 (RHSA-2016:2591)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).
The following packages have been upgraded to a newer upstream version: krb5 (1.14.1). (BZ#1292153)
Security Fix(es) :
* A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. (CVE-2016-3119)
* A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a NULL pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true. (CVE-2016-3120)
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score
3.3 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/11
Ports
tcp/0
Remote package installed : krb5-libs-1.13.2-10.el7
Should be : krb5-libs-1.14.1-26.el7
Remote package installed : krb5-workstation-1.13.2-10.el7
Should be : krb5-workstation-1.14.1-26.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94556 - RHEL 7 : sudo (RHSA-2016:2593)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es) :
* It was discovered that the default sudo configuration preserved the value of INPUTRC from the user's environment, which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo. (CVE-2016-7091)
Note: With this update, INPUTRC was removed from the env_keep list in /etc/sudoers to avoid having sudo preserve the value of this variable when invoking privileged commands.
Red Hat would like to thank Grisha Levit for reporting this issue.
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected sudo, sudo-debuginfo and / or sudo-devel packages.
Risk Factor
Medium
CVSS v3.0 Base Score
4.4 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
CVSS Base Score
4.9 (CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score
4.4 (CVSS2#E:POC/RL:U/RC:ND)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : sudo-1.8.6p7-13.el7
Should be : sudo-1.8.6p7-20.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94564 - RHEL 7 : fontconfig (RHSA-2016:2601)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for fontconfig is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications.
Security Fix(es) :
* It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary free() calls, which in turn could lead to arbitrary code execution. (CVE-2016-5384)
Red Hat would like to thank Tobias Stoeckmann for reporting this issue.
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
4.6 (CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
3.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : fontconfig-2.10.95-7.el7
Should be : fontconfig-2.10.95-10.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94568 - RHEL 7 : util-linux (RHSA-2016:2605)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for util-linux is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program.
Security Fix(es) :
* It was found that util-linux's libblkid library did not properly handle Extended Boot Record (EBR) partitions when reading MS-DOS partition tables. An attacker with physical USB access to a protected machine could insert a storage device with a specially crafted partition table that could, for example, trigger an infinite loop in systemd-udevd, resulting in a denial of service on that machine. (CVE-2016-5011)
Red Hat would like to thank Michael Gruhn for reporting this issue. Upstream acknowledges Christian Moch as the original reporter.
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS Base Score
4.9 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
4.0 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libblkid-2.23.2-21.el7
Should be : libblkid-2.23.2-33.el7
Remote package installed : libmount-2.23.2-21.el7
Should be : libmount-2.23.2-33.el7
Remote package installed : libuuid-2.23.2-21.el7
Should be : libuuid-2.23.2-33.el7
Remote package installed : util-linux-2.23.2-21.el7
Should be : util-linux-2.23.2-33.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
|
94603 - RHEL 7 : systemd (RHSA-2016:2610) |
[-/+] |
Synopsis
The remote Red Hat host is missing one or more security updates.Description
An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd. (CVE-2016-7795) Bug Fix(es) : * Previously, the udev device manager automatically enabled all memory banks on IBM z System installations. As a consequence, hot plug memory was enabled automatically, which was incorrect. With this update, system architecture checks have been added to the udev rules to address the problem. As a result, hot plug memory is no longer automatically enabled. (BZ#1381123)See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
5.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
4.9 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
4.0 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/07, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libgudev1-219-19.el7_2.4
Should be : libgudev1-219-30.el7_3.3
Remote package installed : systemd-219-19.el7_2.4
Should be : systemd-219-30.el7_3.3
Remote package installed : systemd-libs-219-19.el7_2.4
Should be : systemd-libs-219-30.el7_3.3
Remote package installed : systemd-python-219-19.el7_2.4
Should be : systemd-python-219-30.el7_3.3
Remote package installed : systemd-sysv-219-19.el7_2.4
Should be : systemd-sysv-219-30.el7_3.3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94605 - RHEL 7 : bind (RHSA-2016:2615)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters.See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/07, Modification date: 2017/01/23
Ports
tcp/0
Remote package installed : bind-libs-9.9.4-29.el7_2.2
Should be : bind-libs-9.9.4-38.el7_3
Remote package installed : bind-libs-lite-9.9.4-29.el7_2.2
Should be : bind-libs-lite-9.9.4-38.el7_3
Remote package installed : bind-license-9.9.4-29.el7_2.2
Should be : bind-license-9.9.4-38.el7_3
Remote package installed : bind-utils-9.9.4-29.el7_2.2
Should be : bind-utils-9.9.4-38.el7_3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94626 - RHEL 6 / 7 : libgcrypt (RHSA-2016:2674)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for libgcrypt is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix(es) : * A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. (CVE-2016-6313) Red Hat would like to thank Felix Dorre and Vladimir Klebanov for reporting this issue.See Also
Solution
Update the affected libgcrypt, libgcrypt-debuginfo and / or libgcrypt-devel packages.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
4.9 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libgcrypt-1.5.3-12.el7
Should be : libgcrypt-1.5.3-13.el7_3.1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

95600 - RHEL 6 / 7 : sudo (RHSA-2016:2872)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix(es) : * It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system(), popen(), or wordexp() C library functions with a user-supplied argument. A local user permitted to run such application via sudo with noexec restriction could use these flaws to execute arbitrary commands with elevated privileges. (CVE-2016-7032, CVE-2016-7076) These issues were discovered by Florian Weimer (Red Hat).See Also
Solution
Update the affected sudo, sudo-debuginfo and / or sudo-devel packages.
Risk Factor
Medium
CVSS Base Score
6.6 (CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
5.5 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/12/07, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : sudo-1.8.6p7-13.el7
Should be : sudo-1.8.6p7-21.el7_3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

95983 - RHEL 6 / 7 : vim (RHSA-2016:2972)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for vim is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es) : * A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim. (CVE-2016-1248)See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/12/21, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : vim-common-7.4.160-1.el7
Should be : vim-common-7.4.160-1.el7_3.1
Remote package installed : vim-enhanced-7.4.160-1.el7
Should be : vim-enhanced-7.4.160-1.el7_3.1
Remote package installed : vim-filesystem-7.4.160-1.el7
Should be : vim-filesystem-7.4.160-1.el7_3.1
Remote package installed : vim-minimal-7.4.160-1.el7
Should be : vim-minimal-7.4.160-1.el7_3.1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

96308 - RHEL 7 : ghostscript (RHSA-2017:0013)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrieve file content respectively, from the target. (CVE-2013-5653, CVE-2016-7977) * It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. A specially crafted postscript document could trigger code execution in the context of the gs process. (CVE-2016-7978) * It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process. (CVE-2016-7979) * It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process. (CVE-2016-8602)See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2017/01/05, Modification date: 2017/03/13
Ports
tcp/0
Remote package installed : ghostscript-9.07-18.el7
Should be : ghostscript-9.07-20.el7_3.1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

96523 - RHEL 7 : bind (RHSA-2017:0062)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9131) * A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9147) * A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9444) Red Hat would like to thank ISC for reporting these issues.See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2017/01/16, Modification date: 2017/02/21
Ports
tcp/0
Remote package installed : bind-libs-9.9.4-29.el7_2.2
Should be : bind-libs-9.9.4-38.el7_3.1
Remote package installed : bind-libs-lite-9.9.4-29.el7_2.2
Should be : bind-libs-lite-9.9.4-38.el7_3.1
Remote package installed : bind-license-9.9.4-29.el7_2.2
Should be : bind-license-9.9.4-38.el7_3.1
Remote package installed : bind-utils-9.9.4-29.el7_2.2
Should be : bind-utils-9.9.4-38.el7_3.1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

96693 - RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2017:0180)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties. * Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289) * A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) * It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) * It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. 
An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) * It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) * It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) * It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) * Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite. 
Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2017/01/23, Modification date: 2017/02/06
Ports
tcp/0
Remote package installed : java-1.8.0-openjdk-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3
Remote package installed : java-1.8.0-openjdk-headless-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el7_3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

97121 - RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2017:0269)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties. * Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289) * A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548) * It was discovered that the Libraries component of OpenJDK accepted ECSDA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546) * It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. 
An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253) * It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547) * It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252) * It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552) * Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2017/02/13, Modification date: 2017/02/15
Ports
tcp/0
Remote package installed : java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el7_3
Remote package installed : java-1.7.0-openjdk-headless-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-headless-1.7.0.131-2.6.9.0.el7_3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

97200 - RHEL 7 : bind (RHSA-2017:0276)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a NULL pointer dereference via a specially crafted DNS response. (CVE-2017-3135) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Ramesh Damodaran (Infoblox) and Aliaksandr Shubnik (Infoblox) as the original reporter.See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
| CVE | CVE-2017-3135 |
| XREF | OSVDB:151758 |
| XREF | RHSA:2017:0276 |
| XREF | IAVA:2017-A-0043 |
Plugin Information:
Publication date: 2017/02/16, Modification date: 2017/02/21
Ports
tcp/0
Remote package installed : bind-libs-9.9.4-29.el7_2.2
Should be : bind-libs-9.9.4-38.el7_3.2
Remote package installed : bind-libs-lite-9.9.4-29.el7_2.2
Should be : bind-libs-lite-9.9.4-38.el7_3.2
Remote package installed : bind-license-9.9.4-29.el7_2.2
Should be : bind-license-9.9.4-38.el7_3.2
Remote package installed : bind-utils-9.9.4-29.el7_2.2
Should be : bind-utils-9.9.4-38.el7_3.2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

97294 - RHEL 6 / 7 : openssl (RHSA-2017:0286)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731) * A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610)See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2017/02/21, Modification date: 2017/02/27
Ports
tcp/0
Remote package installed : openssl-1.0.1e-51.el7_2.4
Should be : openssl-1.0.1e-60.el7_3.1
Remote package installed : openssl-libs-1.0.1e-51.el7_2.4
Should be : openssl-libs-1.0.1e-60.el7_3.1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94544 - RHEL 7 : NetworkManager (RHSA-2016:2581)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for NetworkManager is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. The following packages have been upgraded to a newer upstream version: NetworkManager (1.4.0), NetworkManager-libreswan (1.2.4), network-manager-applet (1.4.0), libnl3 (3.2.28). (BZ#1264552, BZ#1296058, BZ#1032717, BZ#1271581) Security Fix(es) : * A race condition vulnerability was discovered in NetworkManager. Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys. (CVE-2016-0764) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.See Also
Solution
Update the affected packages.
Risk Factor
Low
CVSS Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
1.6 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : NetworkManager-1.0.6-27.el7
Should be : NetworkManager-1.4.0-12.el7
Remote package installed : NetworkManager-config-server-1.0.6-27.el7
Should be : NetworkManager-config-server-1.4.0-12.el7
Remote package installed : NetworkManager-libnm-1.0.6-27.el7
Should be : NetworkManager-libnm-1.4.0-12.el7
Remote package installed : NetworkManager-team-1.0.6-27.el7
Should be : NetworkManager-team-1.4.0-12.el7
Remote package installed : NetworkManager-tui-1.0.6-27.el7
Should be : NetworkManager-tui-1.4.0-12.el7
Remote package installed : libnl3-3.2.21-8.el7
Should be : libnl3-3.2.28-2.el7
Remote package installed : libnl3-cli-3.2.21-8.el7
Should be : libnl3-cli-3.2.28-2.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94555 - RHEL 7 : subscription-manager (RHSA-2016:2592)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for subscription-manager, subscription-manager-migration-data, and python-rhsm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform. The subscription-manager-migration-data package provides certificates for migrating a system from the legacy Red Hat Network Classic (RHN) to Red Hat Subscription Management (RHSM). The python-rhsm packages provide a library for communicating with the representational state transfer (REST) interface of a Red Hat Unified Entitlement Platform. The Subscription Management tools use this interface to manage system entitlements, certificates, and access to content. The following packages have been upgraded to a newer upstream version: subscription-manager (1.17.15), python-rhsm (1.17.9), subscription-manager-migration-data (2.0.31). (BZ#1328553, BZ#1328555, BZ#1328559) Security Fix(es) : * It was found that subscription-manager set weak permissions on files in /var/lib/rhsm/, causing an information disclosure. A local, unprivileged user could use this flaw to access sensitive data that could potentially be used in a social engineering attack. (CVE-2016-4455) Red Hat would like to thank Robert Scheck for reporting this issue. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.See Also
Solution
Update the affected packages.Risk Factor
LowCVSS Base Score
1.7 (CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:N)CVSS Temporal Score
1.4 (CVSS2#E:F/RL:OF/RC:ND)References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10Ports
tcp/0
Remote package installed : python-rhsm-1.13.10-1.el7
Should be : python-rhsm-1.17.9-1.el7
Remote package installed : subscription-manager-1.13.22-1.el7
Should be : subscription-manager-1.17.15-1.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
12634 - Authenticated Check : OS Name and Installed Package Enumeration
Synopsis
This plugin gathers information about the remote host via an authenticated session.
Description
This plugin logs into the remote host using SSH, RSH, RLOGIN, Telnet, or local commands and extracts the list of installed packages. If using SSH, the scan should be configured with a valid SSH public key and possibly an SSH passphrase (if the SSH public key is protected by a passphrase).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/07/06, Modification date: 2017/04/10
Ports
tcp/0
It was possible to log into the remote host using the supplied password.
The output of "uname -a" is :
Linux bldas01 3.10.0-327.10.1.el7.x86_64 #1 SMP Sat Jan 23 04:54:55 EST 2016 x86_64 x86_64 x86_64 GNU/Linux
The remote Red Hat system is :
Red Hat Enterprise Linux Server release 7.1 (Maipo)
Local security checks have been enabled for this host.
19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2017/02/24
Ports
tcp/0
Information about this scan :
Nessus version : 6.10.4
Plugin feed version : 201704110615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Credentialed Patch Audit
Scanner IP : 192.168.109.112
Port scanner(s) : netstat
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as 'root' via ssh
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2017/4/12 1:00 W. Europe Standard Time
Scan duration : 537 sec
66334 - Patch Report
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information:
Publication date: 2013/07/08, Modification date: 2017/03/14
Ports
tcp/0
. You need to take the following 36 actions :
[ RHEL 5 / 6 / 7 : firefox (RHSA-2016:0373) (89774) ]
+ Action to take : Update the affected firefox and / or firefox-debuginfo packages.
+Impact : Taking this action will resolve 26 different vulnerabilities (CVEs).
[ RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2017:0269) (97121) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 29 different vulnerabilities (CVEs).
[ RHEL 5 / 6 / 7 : nss and nss-util (RHSA-2016:2779) (94912) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 6 different vulnerabilities (CVEs).
[ RHEL 6 / 7 : ImageMagick (RHSA-2016:1237) (91642) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 12 different vulnerabilities (CVEs).
[ RHEL 6 / 7 : expat (RHSA-2016:2824) (95381) ]
+ Action to take : Update the affected packages.
[ RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2017:0180) (96693) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 31 different vulnerabilities (CVEs).
[ RHEL 6 / 7 : libgcrypt (RHSA-2016:2674) (94626) ]
+ Action to take : Update the affected libgcrypt, libgcrypt-debuginfo and / or libgcrypt-devel packages.
[ RHEL 6 / 7 : libssh2 (RHSA-2016:0428) (89820) ]
+ Action to take : Update the affected packages.
[ RHEL 6 / 7 : libtiff (RHSA-2017:0225) (96948) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 27 different vulnerabilities (CVEs).
[ RHEL 6 / 7 : libxml2 (RHSA-2016:1292) (91802) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 14 different vulnerabilities (CVEs).
[ RHEL 6 / 7 : ntp (RHSA-2017:0252) (97011) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 24 different vulnerabilities (CVEs).
[ RHEL 6 / 7 : openssl (RHSA-2017:0286) (97294) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 18 different vulnerabilities (CVEs).
[ RHEL 6 / 7 : sudo (RHSA-2016:2872) (95600) ]
+ Action to take : Update the affected sudo, sudo-debuginfo and / or sudo-devel packages.
+Impact : Taking this action will resolve 3 different vulnerabilities (CVEs).
[ RHEL 6 / 7 : vim (RHSA-2016:2972) (95983) ]
+ Action to take : Update the affected packages.
[ RHEL 7 : NetworkManager (RHSA-2016:2581) (94544) ]
+ Action to take : Update the affected packages.
[ RHEL 7 : bind (RHSA-2017:0276) (97200) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 8 different vulnerabilities (CVEs).
[ RHEL 7 : curl (RHSA-2016:2575) (94538) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 3 different vulnerabilities (CVEs).
[ RHEL 7 : dhcp (RHSA-2016:2590) (94553) ]
+ Action to take : Update the affected packages.
[ RHEL 7 : fontconfig (RHSA-2016:2601) (94564) ]
+ Action to take : Update the affected packages.
[ RHEL 7 : ghostscript (RHSA-2017:0013) (96308) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 5 different vulnerabilities (CVEs).
[ RHEL 7 : glibc (RHSA-2016:2573) (94536) ]
+ Action to take : Update the affected packages.
[ RHEL 7 : graphite2 (RHSA-2016:0594) (90387) ]
+ Action to take : Update the affected graphite2, graphite2-debuginfo and / or graphite2-devel packages.
+Impact : Taking this action will resolve 4 different vulnerabilities (CVEs).
[ RHEL 7 : kernel (RHSA-2017:0386) (97509) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 48 different vulnerabilities (CVEs).
[ RHEL 7 : krb5 (RHSA-2016:2591) (94554) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 5 different vulnerabilities (CVEs).
[ RHEL 7 : libndp (RHSA-2016:1086) (91214) ]
+ Action to take : Update the affected libndp, libndp-debuginfo and / or libndp-devel packages.
[ RHEL 7 : mariadb (RHSA-2016:2595) (94558) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 51 different vulnerabilities (CVEs).
[ RHEL 7 : nettle (RHSA-2016:2582) (94545) ]
+ Action to take : Update the affected nettle, nettle-debuginfo and / or nettle-devel packages.
+Impact : Taking this action will resolve 4 different vulnerabilities (CVEs).
[ RHEL 7 : openssh (RHSA-2016:2588) (94551) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 3 different vulnerabilities (CVEs).
[ RHEL 7 : pcre (RHSA-2016:1025) (91078) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 8 different vulnerabilities (CVEs).
[ RHEL 7 : policycoreutils (RHSA-2017:0536) (97769) ]
+ Action to take : Update the affected packages.
[ RHEL 7 : python (RHSA-2016:2586) (94549) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 2 different vulnerabilities (CVEs).
[ RHEL 7 : samba (RHSA-2016:1486) (92579) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 10 different vulnerabilities (CVEs).
[ RHEL 7 : subscription-manager (RHSA-2016:2592) (94555) ]
+ Action to take : Update the affected packages.
[ RHEL 7 : systemd (RHSA-2016:2610) (94603) ]
+ Action to take : Update the affected packages.
[ RHEL 7 : util-linux (RHSA-2016:2605) (94568) ]
+ Action to take : Update the affected packages.
[ RHEL 7 : wget (RHSA-2016:2587) (94550) ]
+ Action to take : Update the affected wget and / or wget-debuginfo packages.
22/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/22
Port 22/tcp was found to be open
88/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/88
Port 88/tcp was found to be open
111/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/111
Port 111/udp was found to be open
161/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/161
Port 161/udp was found to be open
389/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/389
Port 389/tcp was found to be open
749/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/749
Port 749/tcp was found to be open
1005/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/1005
Port 1005/udp was found to be open
2222/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/2222
Port 2222/tcp was found to be open
2225/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/2225
Port 2225/tcp was found to be open
2233/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/2233
Port 2233/tcp was found to be open
2236/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/2236
Port 2236/tcp was found to be open
2241/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/2241
Port 2241/tcp was found to be open
2242/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/2242
Port 2242/tcp was found to be open
3338/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/3338
Port 3338/tcp was found to be open
4357/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/4357
Port 4357/tcp was found to be open
4359/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/4359
Port 4359/tcp was found to be open
6201/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6201
Port 6201/tcp was found to be open
6202/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6202
Port 6202/tcp was found to be open
6203/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6203
Port 6203/tcp was found to be open
6204/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/6204
Port 6204/udp was found to be open
6205/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6205
Port 6205/tcp was found to be open
6206/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6206
Port 6206/tcp was found to be open
6207/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6207
Port 6207/tcp was found to be open
6209/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/6209
Port 6209/udp was found to be open
6224/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6224
Port 6224/tcp was found to be open
6225/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6225
Port 6225/tcp was found to be open
6226/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6226
Port 6226/tcp was found to be open
6227/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6227
Port 6227/tcp was found to be open
6228/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6228
Port 6228/tcp was found to be open
6229/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6229
Port 6229/tcp was found to be open
6230/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6230
Port 6230/tcp was found to be open
6231/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6231
Port 6231/tcp was found to be open
6232/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6232
Port 6232/tcp was found to be open
6233/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6233
Port 6233/tcp was found to be open
6249/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6249
Port 6249/tcp was found to be open
6250/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6250
Port 6250/tcp was found to be open
6252/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6252
Port 6252/tcp was found to be open
6255/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6255
Port 6255/tcp was found to be open
6258/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6258
Port 6258/tcp was found to be open
6260/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6260
Port 6260/tcp was found to be open
6262/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6262
Port 6262/tcp was found to be open
6263/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6263
Port 6263/tcp was found to be open
6265/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6265
Port 6265/tcp was found to be open
6266/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6266
Port 6266/tcp was found to be open
6406/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6406
Port 6406/tcp was found to be open
6407/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/6407
Port 6407/tcp was found to be open
49360/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/49360
Port 49360/udp was found to be open
50457/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/50457
Port 50457/udp was found to be open
53934/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/53934
Port 53934/tcp was found to be open
54419/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/54419
Port 54419/udp was found to be open
54763/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/54763
Port 54763/udp was found to be open
56238/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/56238
Port 56238/udp was found to be open
59275/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/59275
Port 59275/udp was found to be open
59905/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/59905
Port 59905/udp was found to be open
63706/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/63706
Port 63706/udp was found to be open
64812/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/64812
Port 64812/udp was found to be open
64886/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/64886
Port 64886/udp was found to be open
65190/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/65190
Port 65190/udp was found to be open
192.168.109.21
Scan Information
| Start time: | Wed Apr 12 01:00:39 2017 |
| End time: | Wed Apr 12 01:13:42 2017 |
Host Information
| DNS Name: | bldad01 |
| Netbios Name: | BLDAD01 |
| IP: | 192.168.109.21 |
| MAC Address: | 00:0C:29:C9:6C:C7 |
| OS: | Microsoft Windows Server 2012 R2 Standard |
Results Summary
| Critical | High | Medium | Low | Info | Total |
| 5 | 61 | 15 | 3 | 146 | 230 |
Results Details
0/tcp
10897 - Microsoft Windows - Users Information : Disabled Accounts
Synopsis
At least one user account has been disabled.
Description
Using the supplied credentials, Nessus was able to list user accounts that have been disabled.
Solution
Delete accounts that are no longer needed.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/15, Modification date: 2017/01/26
Ports
tcp/0
The following user accounts have been disabled :
- krbtgt
- Guest
Note that, in addition to the Administrator, Guest, and Kerberos accounts, Nessus has enumerated only those domain users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for 'SMB use domain SID to enumerate users' setting, and then re-run the scan.
10898 - Microsoft Windows - Users Information : Never Changed Password
Synopsis
At least one user has never changed his or her password.
Description
Using the supplied credentials, Nessus was able to list users who have never changed their passwords.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/15, Modification date: 2017/01/26
Ports
tcp/0
The following user has never changed his/her password :
- Guest
Note that, in addition to the Administrator, Guest, and Kerberos accounts, Nessus has enumerated only those domain users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for 'SMB use domain SID to enumerate users' setting, and then re-run the scan.
10899 - Microsoft Windows - Users Information : User Has Never Logged In
Synopsis
At least one user has never logged into his or her account.
Description
Using the supplied credentials, Nessus was able to list users who have never logged into their accounts.
Solution
Delete accounts that are not needed.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/15, Modification date: 2017/01/26
Ports
tcp/0
The following users have never logged in :
- krbtgt
- Guest
- hisspd
- nmoper
- nmuser
- nmadmin
- nmsbldad01$
- nmsbldde01$
- nmsORADBbldas01$
- nmsORADBbldas02$
- linux-ldap-user
- ws500
- operator2
- operator3
- operator4
- operator5
- operator6
- operator7
- instructor
- is500
- NmScadaFileUser
Note that, in addition to the Administrator, Guest, and Kerberos accounts, Nessus has enumerated only those domain users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for 'SMB use domain SID to enumerate users' setting, and then re-run the scan.
10900 - Microsoft Windows - Users Information : Passwords Never Expire
Synopsis
At least one user has a password that never expires.
Description
Using the supplied credentials, Nessus was able to list users that are enabled and whose passwords never expire.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/15, Modification date: 2017/01/26
Ports
tcp/0
The following users have passwords that never expire :
- Administrator
- hisspd
- netman
- oracle
- nmoper
- nmuser
- nmadmin
- linux-ldap-user
- ws500
- sadmin
- operator1
- operator2
- operator3
- operator4
- operator5
- operator6
- operator7
- instructor
- NmScadaFileUser
Note that, in addition to the Administrator, Guest, and Kerberos accounts, Nessus has enumerated only those domain users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for this plugin, then re-run the scan.
10908 - Microsoft Windows 'Domain Administrators' Group User List
Synopsis
There is at least one user in the 'Domain Administrators' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Domain Administrators' group. Members of this group have complete access to the Windows Domain.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/15, Modification date: 2015/01/12
Ports
tcp/0
The following user is a member of the 'Domain Administrators' group :
- Administrator
10913 - Microsoft Windows - Local Users Information : Disabled Accounts
Synopsis
At least one local user account has been disabled.
Description
Using the supplied credentials, Nessus was able to list local user accounts that have been disabled.
Solution
Delete accounts that are no longer needed.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/17, Modification date: 2017/01/26
Ports
tcp/0
The following local user account has been disabled :
- Guest
Note that, in addition to the Administrator and Guest accounts, Nessus has only checked for local users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate local users' setting, and then re-run the scan.
10914 - Microsoft Windows - Local Users Information : Never Changed Passwords
Synopsis
At least one local user has never changed his or her password.
Description
Using the supplied credentials, Nessus was able to list local users who have never changed their passwords.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/17, Modification date: 2017/01/26
Ports
tcp/0
The following local user has never changed his/her password :
- Guest
Note that, in addition to the Administrator and Guest accounts, Nessus has only checked for local users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate local users' setting, and then re-run the scan.
10915 - Microsoft Windows - Local Users Information : User Has Never Logged In
Synopsis
At least one local user has never logged into his or her account.
Description
Using the supplied credentials, Nessus was able to list local users who have never logged into their accounts.
Solution
Delete accounts that are not needed.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/17, Modification date: 2017/01/26
Ports
tcp/0
The following local users have never logged in :
- Guest
- hisspd
- nmoper
- nmuser
- nmadmin
- nmsbldad01$
- nmsbldde01$
- nmsORADBbldas01$
- nmsORADBbldas02$
- linux-ldap-user
- ws500
- operator2
- operator3
- operator4
- operator5
- operator6
- operator7
- instructor
- is500
- NmScadaFileUser
Note that, in addition to the Administrator and Guest accounts, Nessus has only checked for local users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate local users' setting, and then re-run the scan.
10916 - Microsoft Windows - Local Users Information : Passwords Never Expire
Synopsis
At least one local user has a password that never expires.
Description
Using the supplied credentials, Nessus was able to list local users that are enabled and whose passwords never expire.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/17, Modification date: 2017/01/26
Ports
tcp/0
The following local users have passwords that never expire :
- Administrator
- hisspd
- netman
- oracle
- nmoper
- nmuser
- nmadmin
- linux-ldap-user
- ws500
- sadmin
- operator1
- operator2
- operator3
- operator4
- operator5
- operator6
- operator7
- instructor
- NmScadaFileUser
Note that, in addition to the Administrator and Guest accounts, Nessus has only checked for local users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for this plugin, then re-run the scan.
19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2017/02/24
Ports
tcp/0
Information about this scan :
Nessus version : 6.10.4
Plugin feed version : 201704110615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Credentialed Patch Audit
Scanner IP : 192.168.109.112
Port scanner(s) : wmi_netstat
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as '192.168.109.21\Administrator' via SMB
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2017/4/12 1:00 W. Europe Standard Time
Scan duration : 779 sec
24269 - Windows Management Instrumentation (WMI) Available
Synopsis
WMI queries can be made against the remote host.
Description
The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM. These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/02/03, Modification date: 2017/04/03
Ports
tcp/0
24270 - Computer Manufacturer Information (WMI)
Synopsis
It is possible to obtain the name of the remote computer manufacturer.
Description
By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/02/02, Modification date: 2017/04/03
Ports
tcp/0
Computer Manufacturer : VMware, Inc.
Computer Model : VMware Virtual Platform
Computer SerialNumber : VMware-56 4d 39 18 e3 53 05 7e-50 11 d9 04 6c 99 19 f0
Computer Type : Other
Computer Physical CPU's : 2
Computer Logical CPU's : 2
CPU0
  Architecture : x64
  Physical Cores: 1
  Logical Cores : 1
CPU1
  Architecture : x64
  Physical Cores: 1
  Logical Cores : 1
Computer Memory : 4095 MB
RAM slot #0
  Form Factor: DIMM
  Type : DRAM
  Capacity : 4096 MB
24272 - Network Interfaces Enumeration (WMI)
Synopsis
Nessus was able to obtain the list of network interfaces on the remote host.
Description
Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them. Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/02/03, Modification date: 2017/04/03
Ports
tcp/0
+ Network Interface Information :
- Network Interface = [00000015] vmxnet3 Ethernet Adapter
- MAC Address = 00:0C:29:C9:6C:C7
- IPAddress/IPSubnet = 192.168.109.21/255.255.255.0
- IPAddress/IPSubnet = fe80::30bb:431c:4093:e55/64
+ Routing Information :
| Destination | Netmask | Gateway |
| 0.0.0.0 | 0.0.0.0 | 192.168.109.1 |
| 127.0.0.0 | 255.0.0.0 | 0.0.0.0 |
| 127.0.0.1 | 255.255.255.255 | 0.0.0.0 |
| 127.255.255.255 | 255.255.255.255 | 0.0.0.0 |
| 192.168.109.0 | 255.255.255.0 | 0.0.0.0 |
| 192.168.109.21 | 255.255.255.255 | 0.0.0.0 |
| 192.168.109.255 | 255.255.255.255 | 0.0.0.0 |
| 224.0.0.0 | 240.0.0.0 | 0.0.0.0 |
| 224.0.0.0 | 240.0.0.0 | 0.0.0.0 |
| 255.255.255.255 | 255.255.255.255 | 0.0.0.0 |
| 255.255.255.255 | 255.255.255.255 | 0.0.0.0 |
34096 - BIOS Version (WMI)
Synopsis
The BIOS version could be read.
Description
It is possible to get information about the BIOS vendor and its version via the host's WMI interface.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/05, Modification date: 2017/04/03
Ports
tcp/0
Vendor : Phoenix Technologies LTD
Version : 6.00
Release date : 20140930000000.000000+000
UUID : 18394D56-53E3-7E05-5011-D9046C9919F0
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/0
Note that 2503 UDP ports belonging to DNS.exe have been ignored.
38153 - Microsoft Windows Summary of Missing Patches
Synopsis
The remote host is missing several Microsoft security patches.
Description
This plugin summarizes updates for Microsoft Security Bulletins that have not been installed on the remote Windows host based on the results of either a credentialed check using the supplied credentials or a check done using a supported third-party patch management tool. Review the summary and apply any missing updates in order to be up-to-date.
Solution
Run Windows Update on the remote host or use a patch management solution.
Risk Factor
None
Plugin Information:
Publication date: 2009/04/24, Modification date: 2013/02/04
Ports
tcp/0
The patches for the following bulletins are missing on the remote host : - MS11-025 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-025 ) - MS15-124 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-124 ) - MS16-037 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-037 ) - MS16-039 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-039 ) - MS16-040 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-040 ) - MS16-044 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-044 ) - MS16-047 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-047 ) - MS16-048 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-048 ) - MS16-051 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-051 ) - MS16-055 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-055 ) - MS16-057 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-057 ) - MS16-060 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-060 ) - MS16-061 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-061 ) - MS16-062 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-062 ) - MS16-063 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-063 ) - MS16-065 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-065 ) - MS16-067 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-067 ) - MS16-071 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-071 ) - MS16-072 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-072 ) - MS16-073 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-073 ) - MS16-074 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-074 ) - MS16-075 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-075 ) - MS16-076 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-076 ) - MS16-077 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-077 ) - MS16-080 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-080 ) - 
MS16-081 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-081 ) - MS16-082 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-082 ) - MS16-084 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-084 ) - MS16-087 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-087 ) - MS16-090 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-090 ) - MS16-091 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-091 ) - MS16-092 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-092 ) - MS16-094 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-094 ) - MS16-095 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-095 ) - MS16-097 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-097 ) - MS16-098 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-098 ) - MS16-100 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-100 ) - MS16-101 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-101 ) - MS16-102 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-102 ) - MS16-104 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-104 ) - MS16-106 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-106 ) - MS16-110 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-110 ) - MS16-111 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-111 ) - MS16-112 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-112 ) - MS16-114 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-114 ) - MS16-115 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-115 ) - MS16-116 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-116 ) - MS16-118 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-118 ) - MS16-120 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-120 ) - MS16-123 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-123 ) - MS16-124 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-124 ) 
- MS16-130 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-130 ) - MS16-132 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-132 ) - MS16-134 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-134 ) - MS16-135 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-135 ) - MS16-137 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-137 ) - MS16-138 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-138 ) - MS16-140 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-140 ) - MS16-142 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-142 ) - MS16-144 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-144 ) - MS16-146 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-146 ) - MS16-147 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-147 ) - MS16-149 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-149 ) - MS16-151 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-151 ) - MS16-153 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-153 ) - MS17-006 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-006 ) - MS17-009 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-009 ) - MS17-010 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-010 ) - MS17-011 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-011 ) - MS17-012 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-012 ) - MS17-013 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-013 ) - MS17-016 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-016 ) - MS17-017 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-017 ) - MS17-018 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-018 ) - MS17-021 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-021 ) - MS17-022 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-022 )
44871 - WMI Windows Feature Enumeration
Synopsis
It is possible to enumerate Windows features using WMI.
Description
Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions. Note that Features can only be enumerated for Windows 7 and later for desktop versions.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/02/24, Modification date: 2017/04/03
Ports
tcp/0
Nessus enumerated the following Windows features :
- .NET Framework 3.5 (includes .NET 2.0 and 3.0)
- .NET Framework 3.5 Features
- .NET Framework 4.5
- .NET Framework 4.5 Features
- AD DS Snap-Ins and Command-Line Tools
- AD DS Tools
- AD DS and AD LDS Tools
- Active Directory Administrative Center
- Active Directory Certificate Services
- Active Directory Certificate Services Tools
- Active Directory Domain Services
- Active Directory module for Windows PowerShell
- Certification Authority
- Certification Authority Management Tools
- DFS Management Tools
- DFS Namespaces
- DHCP Server
- DHCP Server Tools
- DNS Server
- DNS Server Tools
- Feature Administration Tools
- File Server
- File Services Tools
- File and Storage Services
- File and iSCSI Services
- Graphical Management Tools and Infrastructure
- Group Policy Management
- Remote Server Administration Tools
- Role Administration Tools
- SMB 1.0/CIFS File Sharing Support
- SNMP Service
- SNMP Tools
- SNMP WMI Provider
- Server Graphical Shell
- Storage Services
- TCP Port Sharing
- User Interfaces and Infrastructure
- WCF Services
- Windows PowerShell
- Windows PowerShell 2.0 Engine
- Windows PowerShell 4.0
- Windows PowerShell ISE
- WoW64 Support
48337 - Windows ComputerSystemProduct Enumeration (WMI)
Synopsis
It is possible to obtain product information from the remote host using WMI.
Description
By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/08/16, Modification date: 2017/04/03
Ports
tcp/0
+ Computer System Product
- IdentifyingNumber : VMware-56 4d 39 18 e3 53 05 7e-50 11 d9 04 6c 99 19 f0
- Description : Computer System Product
- Vendor : VMware, Inc.
- Name : VMware Virtual Platform
- UUID : 18394D56-53E3-7E05-5011-D9046C9919F0
- Version : None
52001 - WMI QuickFixEngineering (QFE) Enumeration
Synopsis
The remote Windows host has quick-fix engineering updates installed.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via WMI.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/02/16, Modification date: 2017/04/03
Ports
tcp/0
Here is a list of quick-fix engineering updates installed on the remote system :
Note that for detailed information on installed QFE's such as InstalledBy, Caption, and so on, please run the scan with 'Report Verbosity' set to 'verbose'.
57364 - PuTTY Detection
Synopsis
A Telnet / SSH client is installed on the remote host.
Description
The remote host has an installation of PuTTY, which is a suite of tools for remote console access and file transfer.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/12/21, Modification date: 2015/03/06
Ports
tcp/0
Path : C:\Program Files (x86)\PuTTY
Version : 0.67.0.0
VersionNumber : 0.67.0.0
62042 - SMB QuickFixEngineering (QFE) Enumeration
Synopsis
The remote host has quick-fix engineering updates installed.
Description
By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2012/09/11, Modification date: 2013/03/28
Ports
tcp/0
Here is a list of quick-fix engineering updates installed on the remote system :
66334 - Patch Report
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information:
Publication date: 2013/07/08, Modification date: 2017/03/14
Ports
tcp/0
. Microsoft Operating System Patches : + To patch the remote system, you need to install the following Microsoft patches : - KB4012213 (MS17-022) (3 vulnerabilities) - KB4012216 (MS17-022) (3 vulnerabilities) - KB4012213 (MS17-021) - KB4012216 (MS17-021) - KB4012213 (MS17-018) - KB4012216 (MS17-018) - KB4012213 (MS17-017) (2 vulnerabilities) - KB4012216 (MS17-017) (2 vulnerabilities) - KB4012213 (MS17-016) - KB4012216 (MS17-016) - KB4012213 (MS17-013) (12 vulnerabilities) - KB4012216 (MS17-013) (12 vulnerabilities) - KB4012213 (MS17-012) - KB4012216 (MS17-012) - KB4012213 (MS17-011) (2 vulnerabilities) - KB4012216 (MS17-011) (2 vulnerabilities) - KB4012213 (MS17-010) - KB4012216 (MS17-010) - KB4012213 (MS17-009) - KB4012216 (MS17-009) - KB4012204 (MS17-006) (4 vulnerabilities) - KB4012216 (MS17-006) (4 vulnerabilities) - KB3205400 (MS16-153) (2 vulnerabilities) - KB3205401 (MS16-153) (2 vulnerabilities) - KB3205400 (MS16-149) (4 vulnerabilities) - KB3205401 (MS16-149) (4 vulnerabilities) - KB3197873 (MS16-142) (4 vulnerabilities) - KB3197874 (MS16-142) (4 vulnerabilities) - KB3197873 (MS16-140) - KB3197874 (MS16-140) - KB3197873 (MS16-138) - KB3197874 (MS16-138) - KB3197873 (MS16-132) (4 vulnerabilities) - KB3197874 (MS16-132) (4 vulnerabilities) - KB3197873 (MS16-130) (3 vulnerabilities) - KB3197874 (MS16-130) (3 vulnerabilities) - KB3185331 (MS16-124) (2 vulnerabilities) - KB3192392 (MS16-124) (2 vulnerabilities) - KB3185331 (MS16-123) (2 vulnerabilities) - KB3192392 (MS16-123) (2 vulnerabilities) - KB3184943 (MS16-115) (1 vulnerabilities) - KB3178539 (MS16-112) - KB3184471 (MS16-110) (14 vulnerabilities) - KB3185911 (MS16-106) (8 vulnerabilities) - KB3172729 (MS16-100) - KB3172727 (MS16-094) - KB3163247 (MS16-091) - KB3164024 (MS16-091) - KB3170455 (MS16-087) (1 vulnerabilities) - KB3161958 (MS16-082) - KB3157569 (MS16-080) (1 vulnerabilities) - KB3161949 (MS16-077) - KB3162343 (MS16-076) (1 vulnerabilities) - KB3161561 (MS16-075) (1 vulnerabilities) - KB3159398 
(MS16-072) - KB3161951 (MS16-071) (1 vulnerabilities) - KB3155784 (MS16-067) - KB3142026 (MS16-065) (2 vulnerabilities) - KB3142036 (MS16-065) (2 vulnerabilities) - KB3153704 (MS16-061) (1 vulnerabilities) - KB3156059 (MS16-057) - KB3146723 (MS16-048) (1 vulnerabilities) - KB3149090 (MS16-047) (1 vulnerabilities) - KB3146706 (MS16-044) (1 vulnerabilities) - KB2538243 (MS11-025) (1 vulnerabilities)
70329 - Microsoft Windows Process Information
Synopsis
Use WMI to obtain running process information.
Description
Report details on the running processes on the machine. This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/10/08, Modification date: 2017/04/03
Ports
tcp/0
Process Overview :
SID: Process (PID)
0 : System Idle Process (0)
0 : |- System (4)
0 : |- smss.exe (204)
1 : explorer.exe (2368)
1 : |- vmtoolsd.exe (2164)
1 : |- powershell.exe (2640)
1 : |- conhost.exe (4176)
1 : |- notepad.exe (3944)
1 : |- ServerManager.exe (4192)
1 : |- cmd.exe (6152)
1 : |- conhost.exe (1924)
0 : csrss.exe (304)
1 : csrss.exe (376)
0 : wininit.exe (384)
0 : |- services.exe (472)
0 : |- spoolsv.exe (1208)
0 : |- Microsoft.ActiveDirectory.WebServices.exe (1240)
0 : |- certsrv.exe (1284)
0 : |- dfsrs.exe (1320)
0 : |- svchost.exe (1384)
0 : |- dns.exe (1400)
0 : |- ismserv.exe (1424)
0 : |- snmp.exe (1492)
0 : |- VGAuthService.exe (1588)
0 : |- vmtoolsd.exe (1656)
0 : |- dfssvc.exe (1716)
0 : |- svchost.exe (2100)
0 : |- svchost.exe (2128)
0 : |- svchost.exe (2144)
0 : |- sppsvc.exe (2240)
0 : |- dllhost.exe (2376)
0 : |- msdtc.exe (2600)
0 : |- svchost.exe (320)
0 : |- nxlog.exe (5204)
0 : |- TrustedInstaller.exe (5948)
0 : |- svchost.exe (620)
0 : |- WmiPrvSE.exe (1072)
0 : |- TiWorker.exe (2980)
0 : |- svchost.exe (664)
0 : |- svchost.exe (768)
0 : |- svchost.exe (796)
1 : |- taskhostex.exe (2916)
0 : |- svchost.exe (836)
0 : |- svchost.exe (928)
0 : |- vds.exe (944)
0 : |- lsass.exe (480)
1 : winlogon.exe (412)
1 : |- LogonUI.exe (2228)
1 : |- dwm.exe (784)
70331 - Microsoft Windows Process Module Information
Synopsis
Use WMI to obtain running process module information.
Description
Report details on the running process modules on the machine. This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/10/08, Modification date: 2017/04/03
Ports
tcp/0
Process_Modules_.csv : lists the loaded modules for each process.
71246 - Enumerate Local Group Memberships
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Description
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/12/06, Modification date: 2017/04/03
Ports
tcp/0
Group Name : Administrators Host Name : BLDAD01 Group SID : S-1-5-32-544 Members : Name : Administrator Domain : BLD01SEC Class : Win32_UserAccount SID : S-1-5-21-2770019732-1922860174-1796585773-500 Name : Enterprise Admins Domain : BLD01SEC Class : Win32_Group SID : S-1-5-21-2770019732-1922860174-1796585773-519 Name : Domain Admins Domain : BLD01SEC Class : Win32_Group SID : S-1-5-21-2770019732-1922860174-1796585773-512 Group Name : Users Host Name : BLDAD01 Group SID : S-1-5-32-545 Members : Name : INTERACTIVE Domain : BLDAD01 Class : Win32_SystemAccount SID : S-1-5-4 Name : Authenticated Users Domain : BLDAD01 Class : Win32_SystemAccount SID : S-1-5-11 Name : Domain Users Domain : BLD01SEC Class : Win32_Group SID : S-1-5-21-2770019732-1922860174-1796585773-513 Group Name : Guests Host Name : BLDAD01 Group SID : S-1-5-32-546 Members : Name : Guest Domain : BLD01SEC Class : Win32_UserAccount SID : S-1-5-21-2770019732-1922860174-1796585773-501 Name : Domain Guests Domain : BLD01SEC Class : Win32_Group SID : S-1-5-21-2770019732-1922860174-1796585773-514 Group Name : Print Operators Host Name : BLDAD01 Group SID : S-1-5-32-550 Members : Group Name : Backup Operators Host Name : BLDAD01 Group SID : S-1-5-32-551 Members : Group Name : Replicator Host Name : BLDAD01 Group SID : S-1-5-32-552 Members : Group Name : Remote Desktop Users Host Name : BLDAD01 Group SID : S-1-5-32-555 Members : Group Name : Network Configuration Operators Host Name : BLDAD01 Group SID : S-1-5-32-556 Members : Group Name : Performance Monitor Users Host Name : BLDAD01 Group SID : S-1-5-32-558 Members : Group Name : Performance Log Users Host Name : BLDAD01 Group SID : S-1-5-32-559 Members : Group Name : Distributed COM Users Host Name : BLDAD01 Group SID : S-1-5-32-562 Members : Group Name : IIS_IUSRS Host Name : BLDAD01 Group SID : S-1-5-32-568 Members : Name : IUSR Domain : BLDAD01 Class : Win32_SystemAccount SID : S-1-5-17 Group Name : Cryptographic Operators Host Name : BLDAD01 Group SID : 
S-1-5-32-569 Members : Group Name : Event Log Readers Host Name : BLDAD01 Group SID : S-1-5-32-573 Members : Group Name : Certificate Service DCOM Access Host Name : BLDAD01 Group SID : S-1-5-32-574 Members : Name : Authenticated Users Domain : BLDAD01 Class : Win32_SystemAccount SID : S-1-5-11 Group Name : RDS Remote Access Servers Host Name : BLDAD01 Group SID : S-1-5-32-575 Members : Group Name : RDS Endpoint Servers Host Name : BLDAD01 Group SID : S-1-5-32-576 Members : Group Name : RDS Management Servers Host Name : BLDAD01 Group SID : S-1-5-32-577 Members : Group Name : Hyper-V Administrators Host Name : BLDAD01 Group SID : S-1-5-32-578 Members : Group Name : Access Control Assistance Operators Host Name : BLDAD01 Group SID : S-1-5-32-579 Members : Group Name : Remote Management Users Host Name : BLDAD01 Group SID : S-1-5-32-580 Members : Group Name : Server Operators Host Name : BLDAD01 Group SID : S-1-5-32-549 Members : Group Name : Account Operators Host Name : BLDAD01 Group SID : S-1-5-32-548 Members : Group Name : Pre-Windows 2000 Compatible Access Host Name : BLDAD01 Group SID : S-1-5-32-554 Members : Name : Authenticated Users Domain : BLDAD01 Class : Win32_SystemAccount SID : S-1-5-11 Name : BLDAD01$ Domain : BLD01SEC Class : Win32_UserAccount SID : Group Name : Incoming Forest Trust Builders Host Name : BLDAD01 Group SID : S-1-5-32-557 Members : Group Name : Windows Authorization Access Group Host Name : BLDAD01 Group SID : S-1-5-32-560 Members : Name : ENTERPRISE DOMAIN CONTROLLERS Domain : BLDAD01 Class : Win32_SystemAccount SID : S-1-5-9 Group Name : Terminal Server License Servers Host Name : BLDAD01 Group SID : S-1-5-32-561 Members : Group Name : Cert Publishers Host Name : BLDAD01 Group SID : S-1-5-21-2770019732-1922860174-1796585773-517 Members : Name : BLDAD01$ Domain : BLD01SEC Class : Win32_UserAccount SID : Group Name : RAS and IAS Servers Host Name : BLDAD01 Group SID : S-1-5-21-2770019732-1922860174-1796585773-553 Members : Group Name : 
Allowed RODC Password Replication Group Host Name : BLDAD01 Group SID : S-1-5-21-2770019732-1922860174-1796585773-571 Members : Group Name : Denied RODC Password Replication Group Host Name : BLDAD01 Group SID : S-1-5-21-2770019732-1922860174-1796585773-572 Members : Name : krbtgt Domain : BLD01SEC Class : Win32_UserAccount SID : S-1-5-21-2770019732-1922860174-1796585773-502 Name : Domain Controllers Domain : BLD01SEC Class : Win32_Group SID : S-1-5-21-2770019732-1922860174-1796585773-516 Name : Schema Admins Domain : BLD01SEC Class : Win32_Group SID : S-1-5-21-2770019732-1922860174-1796585773-518 Name : Enterprise Admins Domain : BLD01SEC Class : Win32_Group SID : S-1-5-21-2770019732-1922860174-1796585773-519 Name : Cert Publishers Domain : BLD01SEC Class : Win32_Group SID : S-1-5-21-2770019732-1922860174-1796585773-517 Name : Domain Admins Domain : BLD01SEC Class : Win32_Group SID : S-1-5-21-2770019732-1922860174-1796585773-512 Name : Group Policy Creator Owners Domain : BLD01SEC Class : Win32_Group SID : S-1-5-21-2770019732-1922860174-1796585773-520 Name : Read-only Domain Controllers Domain : BLD01SEC Class : Win32_Group SID : S-1-5-21-2770019732-1922860174-1796585773-521 Group Name : WinRMRemoteWMIUsers__ Host Name : BLDAD01 Group SID : S-1-5-21-2770019732-1922860174-1796585773-1000 Members : Group Name : DnsAdmins Host Name : BLDAD01 Group SID : S-1-5-21-2770019732-1922860174-1796585773-1102 Members :
72482 - Windows Display Driver Enumeration
Synopsis
Nessus was able to enumerate one or more of the display drivers on the remote host.
Description
Nessus was able to enumerate one or more of the display drivers on the remote host via WMI.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2014/02/06, Modification date: 2017/04/03
Ports
tcp/0
Device Name : VMware SVGA 3D Driver File Version : 8.15.1.48 Driver Date : 07/12/2016 Video Processor : VMware Virtual SVGA 3D Graphics Adapter
53/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/53
Port 53/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/53
The Win32 process 'dns.exe' is listening on this port (pid 1400). This process 'dns.exe' (pid 1400) is hosting the following Windows services : DNS (@%systemroot%\system32\dns.exe,-49157)
67/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/67
Port 67/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/67
The Win32 process 'svchost.exe' is listening on this port (pid 1384). This process 'svchost.exe' (pid 1384) is hosting the following Windows services : DHCPServer (@%SystemRoot%\system32\dhcpssvc.dll,-200)
68/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/68
Port 68/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/68
The Win32 process 'svchost.exe' is listening on this port (pid 1384). This process 'svchost.exe' (pid 1384) is hosting the following Windows services : DHCPServer (@%SystemRoot%\system32\dhcpssvc.dll,-200)
88/tcp
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/88
The Win32 process 'lsass.exe' is listening on this port (pid 480). This process 'lsass.exe' (pid 480) is hosting the following Windows services : Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1) KdsSvc (@KdsSvc.dll,-100) KeyIso (@keyiso.dll,-100) Netlogon (@%SystemRoot%\System32\netlogon.dll,-102) NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1) SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
88/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/88
Port 88/udp was found to be open
123/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/123
Port 123/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/123
The Win32 process 'svchost.exe' is listening on this port (pid 836). This process 'svchost.exe' (pid 836) is hosting the following Windows services : EventSystem (@comres.dll,-2450) FontCache (@%systemroot%\system32\FntCache.dll,-100) netprofm (@%SystemRoot%\system32\netprofmsvc.dll,-202) nsi (@%SystemRoot%\system32\nsisvc.dll,-200) W32Time (@%SystemRoot%\system32\w32time.dll,-200)
135/tcp
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/135
The following DCERPC services are available locally :
: Local RPC service Named pipe : samss lpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0 Description : Active Directory Replication Interface Windows process : unknown Annotation : MS NT Directory DRS Interface Type : Local RPC service Named pipe : OLE4FB330441E0EEEEA294397AFA44A Object UUID : 00000000-0000-0000-0000-000000000000 UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0 Description : Active Directory Replication Interface Windows process : unknown Annotation : MS NT Directory DRS Interface Type : Local RPC service Named pipe : NTDS_LPC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0 Description : Local Security Authority Windows process : lsass.exe Type : Local RPC service Named pipe : audit Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0 Description : Local Security Authority Windows process : lsass.exe Type : Local RPC service Named pipe : securityevent Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0 Description : Local Security Authority Windows process : lsass.exe Type : Local RPC service Named pipe : LSARPC_ENDPOINT Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0 Description : Local Security Authority Windows process : lsass.exe Type : Local RPC service Named pipe : lsacap Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0 Description : Local Security Authority Windows process : lsass.exe Type : Local RPC service Named pipe : LSA_EAS_ENDPOINT Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0 Description : Local Security Authority Windows process : lsass.exe Type : Local RPC service Named pipe : lsapolicylookup Object UUID : 
00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0 Description : Local Security Authority Windows process : lsass.exe Type : Local RPC service Named pipe : lsasspirpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0 Description : Local Security Authority Windows process : lsass.exe Type : Local RPC service Named pipe : protected_storage Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0 Description : Local Security Authority Windows process : lsass.exe Type : Local RPC service Named pipe : SidKey Local End Point Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0 Description : Local Security Authority Windows process : lsass.exe Type : Local RPC service Named pipe : samss lpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0 Description : Local Security Authority Windows process : lsass.exe Type : Local RPC service Named pipe : OLE4FB330441E0EEEEA294397AFA44A Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0 Description : Local Security Authority Windows process : lsass.exe Type : Local RPC service Named pipe : NTDS_LPC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : audit Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : securityevent Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : 
Local RPC service Named pipe : LSARPC_ENDPOINT Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : lsacap Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : LSA_EAS_ENDPOINT Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : lsapolicylookup Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : lsasspirpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : protected_storage Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : SidKey Local End Point Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : samss lpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : OLE4FB330441E0EEEEA294397AFA44A Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 
Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : NTDS_LPC Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : audit Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : securityevent Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : LSARPC_ENDPOINT Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : lsacap Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : LSA_EAS_ENDPOINT Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : lsapolicylookup Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : lsasspirpc Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : protected_storage Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b UUID : 
0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : SidKey Local End Point Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : samss lpc Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : OLE4FB330441E0EEEEA294397AFA44A Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : NTDS_LPC Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : NETLOGON_LRPC Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : audit Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : securityevent Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : LSARPC_ENDPOINT Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : lsacap Object UUID : 
9a81c2bd-a525-471d-a4ed-49907c0b23da UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : LSA_EAS_ENDPOINT Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : lsapolicylookup Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : lsasspirpc Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : protected_storage Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : SidKey Local End Point Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : samss lpc Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : OLE4FB330441E0EEEEA294397AFA44A Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC service Named pipe : NTDS_LPC Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Local RPC 
service Named pipe : NETLOGON_LRPC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0 Description : Network Logon Service Windows process : lsass.exe Type : Local RPC service Named pipe : audit Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0 Description : Network Logon Service Windows process : lsass.exe Type : Local RPC service Named pipe : securityevent Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0 Description : Network Logon Service Windows process : lsass.exe Type : Local RPC service Named pipe : LSARPC_ENDPOINT Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0 Description : Network Logon Service Windows process : lsass.exe Type : Local RPC service Named pipe : lsacap Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0 Description : Network Logon Service Windows process : lsass.exe Type : Local RPC service Named pipe : LSA_EAS_ENDPOINT Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0 Description : Network Logon Service Windows process : lsass.exe Type : Local RPC service Named pipe : lsapolicylookup Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0 Description : Network Logon Service Windows process : lsass.exe Type : Local RPC service Named pipe : lsasspirpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0 Description : Network Logon Service Windows process : lsass.exe Type : Local RPC service Named pipe : protected_storage Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0 Description : Network Logon Service Windows process : lsass.exe Type : 
Local RPC service Named pipe : SidKey Local End Point Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0 Description : Network Logon Service Windows process : lsass.exe Type : Local RPC service Named pipe : samss lpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0 Description : Network Logon Service Windows process : lsass.exe Type : Local RPC service Named pipe : OLE4FB330441E0EEEEA294397AFA44A Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0 Description : Network Logon Service Windows process : lsass.exe Type : Local RPC service Named pipe : NTDS_LPC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0 Description : Network Logon Service Windows process : lsass.exe Type : Local RPC service Named pipe : NETLOGON_LRPC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : audit Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : securityevent Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : LSARPC_ENDPOINT Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : lsacap Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe 
: LSA_EAS_ENDPOINT Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : lsapolicylookup Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : lsasspirpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : protected_storage Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : SidKey Local End Point Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : samss lpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : OLE4FB330441E0EEEEA294397AFA44A Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : NTDS_LPC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : NETLOGON_LRPC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b9785960-524f-11df-8b6d-83dcded72085, version 1.0 Description : Unknown RPC service Annotation : SIDKEY Type : Local RPC service Named pipe : audit Object UUID : 
00000000-0000-0000-0000-000000000000 UUID : b9785960-524f-11df-8b6d-83dcded72085, version 1.0 Description : Unknown RPC service Annotation : SIDKEY Type : Local RPC service Named pipe : securityevent Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b9785960-524f-11df-8b6d-83dcded72085, version 1.0 Description : Unknown RPC service Annotation : SIDKEY Type : Local RPC service Named pipe : LSARPC_ENDPOINT Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b9785960-524f-11df-8b6d-83dcded72085, version 1.0 Description : Unknown RPC service Annotation : SIDKEY Type : Local RPC service Named pipe : lsacap Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b9785960-524f-11df-8b6d-83dcded72085, version 1.0 Description : Unknown RPC service Annotation : SIDKEY Type : Local RPC service Named pipe : LSA_EAS_ENDPOINT Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b9785960-524f-11df-8b6d-83dcded72085, version 1.0 Description : Unknown RPC service Annotation : SIDKEY Type : Local RPC service Named pipe : lsapolicylookup Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b9785960-524f-11df-8b6d-83dcded72085, version 1.0 Description : Unknown RPC service Annotation : SIDKEY Type : Local RPC service Named pipe : lsasspirpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b9785960-524f-11df-8b6d-83dcded72085, version 1.0 Description : Unknown RPC service Annotation : SIDKEY Type : Local RPC service Named pipe : protected_storage Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b9785960-524f-11df-8b6d-83dcded72085, version 1.0 Description : Unknown RPC service Annotation : SIDKEY Type : Local RPC service Named pipe : SidKey Local End Point Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b9785960-524f-11df-8b6d-83dcded72085, version 1.0 Description : Unknown RPC service Annotation : SIDKEY Type : Local RPC service Named pipe : samss lpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 
b9785960-524f-11df-8b6d-83dcded72085, version 1.0 Description : Unknown RPC service Annotation : SIDKEY Type : Local RPC service Named pipe : OLE4FB330441E0EEEEA294397AFA44A Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b9785960-524f-11df-8b6d-83dcded72085, version 1.0 Description : Unknown RPC service Annotation : SIDKEY Type : Local RPC service Named pipe : NTDS_LPC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b9785960-524f-11df-8b6d-83dcded72085, version 1.0 Description : Unknown RPC service Annotation : SIDKEY Type : Local RPC service Named pipe : NETLOGON_LRPC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0 Description : Unknown RPC service Annotation : Witness Client Upcall Server Type : Local RPC service Named pipe : DNSResolver Object UUID : 00000000-0000-0000-0000-000000000000 UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0 Description : Unknown RPC service Annotation : Witness Client Upcall Server Type : Local RPC service Named pipe : LRPC-a0ce12374cd95ce789 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0 Description : Unknown RPC service Annotation : Witness Client Test Interface Type : Local RPC service Named pipe : DNSResolver Object UUID : 00000000-0000-0000-0000-000000000000 UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0 Description : Unknown RPC service Annotation : Witness Client Test Interface Type : Local RPC service Named pipe : LRPC-a0ce12374cd95ce789 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 Description : Unknown RPC service Annotation : DfsDs service Type : Local RPC service Named pipe : DNSResolver Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 Description : Unknown RPC service Annotation : DfsDs service Type : Local RPC service Named pipe : 
LRPC-a0ce12374cd95ce789 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0 Description : Unknown RPC service Annotation : Base Firewall Engine API Type : Local RPC service Named pipe : LRPC-62dc8eefe4a4736668 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 Description : Unknown RPC service Annotation : Fw APIs Type : Local RPC service Named pipe : LRPC-62dc8eefe4a4736668 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 Description : Unknown RPC service Annotation : Fw APIs Type : Local RPC service Named pipe : LRPC-81c5dd51162e83427c Object UUID : 00000000-0000-0000-0000-000000000000 UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 Description : Unknown RPC service Annotation : Fw APIs Type : Local RPC service Named pipe : LRPC-62dc8eefe4a4736668 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 Description : Unknown RPC service Annotation : Fw APIs Type : Local RPC service Named pipe : LRPC-81c5dd51162e83427c Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 Description : Unknown RPC service Annotation : Fw APIs Type : Local RPC service Named pipe : LRPC-62dc8eefe4a4736668 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 Description : Unknown RPC service Annotation : Fw APIs Type : Local RPC service Named pipe : LRPC-81c5dd51162e83427c Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0 Description : Unknown RPC service Annotation : NSI server endpoint Type : Local RPC service Named pipe : OLE1F1ED0C1C66D678AF6936107FFA9 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0 Description : Unknown RPC 
service Annotation : NSI server endpoint Type : Local RPC service Named pipe : LRPC-ae4dce7b782af18a56 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 Description : Unknown RPC service Annotation : WinHttp Auto-Proxy Service Type : Local RPC service Named pipe : OLE1F1ED0C1C66D678AF6936107FFA9 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 Description : Unknown RPC service Annotation : WinHttp Auto-Proxy Service Type : Local RPC service Named pipe : LRPC-ae4dce7b782af18a56 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 Description : Unknown RPC service Annotation : WinHttp Auto-Proxy Service Type : Local RPC service Named pipe : W32TIME_ALT Object UUID : 666f7270-6c69-7365-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 6c637067-6569-746e-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601 UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0 Description : Unknown RPC service Annotation : Group Policy RPC Interface Type : Local RPC service Named pipe : LRPC-9a4970385aaaf7cc8d Object UUID : 736e6573-0000-0000-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 736e6573-0000-0000-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : OLEB81C8DE02641B1C3257D7CE05E81 
Object UUID : 736e6573-0000-0000-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : OLEB81C8DE02641B1C3257D7CE05E81 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : OLEB81C8DE02641B1C3257D7CE05E81 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named 
pipe : OLEB81C8DE02641B1C3257D7CE05E81 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : OLEB81C8DE02641B1C3257D7CE05E81 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : ubpmtaskhostchannel Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : OLEB81C8DE02641B1C3257D7CE05E81 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : ubpmtaskhostchannel Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 Description : Unknown RPC service Annotation : 
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/135
Port 135/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/135
The Win32 process 'svchost.exe' is listening on this port (pid 664).
This process 'svchost.exe' (pid 664) is hosting the following Windows services :
RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001)
RpcSs (@combase.dll,-5010)
137/udp
10150 - Windows NetBIOS / SMB Remote Host Information Disclosure
Synopsis
It was possible to obtain the network name of the remote host.
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests. Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 1999/10/12, Modification date: 2016/12/28
Ports
udp/137
The following 5 NetBIOS names have been gathered :
BLDAD01 = Computer name
BLD01SEC = Domain Controllers
BLD01SEC = Workgroup / Domain name
BLDAD01 = File Server Service
BLD01SEC = Domain Master Browser
The remote host has the following MAC address on its adapter :
00:0c:29:c9:6c:c7
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/137
Port 137/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/137
The Win32 process 'System' is listening on this port (pid 4).
138/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/138
Port 138/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/138
The Win32 process 'System' is listening on this port (pid 4).
139/tcp
11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2002/06/05, Modification date: 2015/06/02
Ports
tcp/139
An SMB server is running on this port.
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/139
Port 139/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/139
The Win32 process 'System' is listening on this port (pid 4).
161/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/161
Port 161/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/161
The Win32 process 'snmp.exe' is listening on this port (pid 1492).
This process 'snmp.exe' (pid 1492) is hosting the following Windows services :
SNMP (@%SystemRoot%\system32\snmp.exe,-3)
389/tcp
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/389
The Win32 process 'lsass.exe' is listening on this port (pid 480).
This process 'lsass.exe' (pid 480) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KdsSvc (@KdsSvc.dll,-100)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
389/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/389
Port 389/udp was found to be open
445/tcp
91599 - MS16-071: Security Update for Microsoft Windows DNS Server (3164065)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability in the Windows Domain Name System (DNS) server due to improper handling of DNS requests. An unauthenticated, remote attacker can exploit this, via specially crafted DNS requests, to execute arbitrary code in the context of the Local System Account.
See Also
Solution
Microsoft has released a set of patches for Windows 2012 and 2012 R2.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\dns.exe has not been patched.
Remote version : 6.3.9600.18094
Should be : 6.3.9600.18340
91605 - MS16-077: Security Update for WPAD (3165191)
Synopsis
The remote host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities :
- An elevation of privilege vulnerability exists in the Web Proxy Auto Discovery (WPAD) protocol due to improper handling of the proxy discovery process. A remote attacker can exploit this, by responding to NetBIOS name requests for WPAD, to bypass security restrictions and gain elevated privileges. (CVE-2016-3213)
- An elevation of privilege vulnerability exists in the Web Proxy Auto Discovery (WPAD) protocol due to improper handling of certain proxy discovery scenarios. A remote attacker can exploit this to elevate privileges, resulting in the ability to disclose or control network traffic. (CVE-2016-3236)
- An elevation of privilege vulnerability exists in NetBIOS due to improper handling of responses. A remote attacker can exploit this, via specially crafted NetBIOS responses, to appear as a trusted network device, resulting in the ability to render untrusted content in a browser outside of Enhanced Protected Mode (EPM) or an application container. (CVE-2016-3299)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, RT 8.1, 2012 R2, and 10. Note that cumulative update 3160005 in MS16-063 must also be installed in order to fully resolve CVE-2016-3213.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/08/10
Ports
tcp/445
- C:\Windows\system32\ws2_32.dll has not been patched.
Remote version : 6.3.9600.17415
Should be : 6.3.9600.18340
97737 - MS17-010: Security Update for Microsoft Windows SMB Server (4013389)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by the following vulnerabilities :
- Multiple remote code execution vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted packet, to execute arbitrary code. (CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148)
- An information disclosure vulnerability exists in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information. (CVE-2017-0147)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012213
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.18228
Should be : 6.3.9600.18603
97743 - MS17-012: Security Update for Microsoft Windows (4013078)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- A security feature bypass vulnerability exists in Device Guard due to improper validation of certain elements in a signed PowerShell script. An unauthenticated, remote attacker can exploit this vulnerability to modify the contents of a PowerShell script without invalidating the signature associated with the file, allowing the execution of a malicious script. (CVE-2017-0007)
- A denial of service vulnerability exists in the Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client implementations due to improper handling of certain requests sent to the client. An unauthenticated, remote attacker can exploit this issue, via a malicious SMB server, to cause the system to stop responding until it is manually restarted. (CVE-2017-0016)
- A remote code execution vulnerability exists due to using an insecure path to load certain dynamic link library (DLL) files. A local attacker can exploit this, via a specially crafted library placed in the path, to execute arbitrary code. (CVE-2017-0039)
- An information disclosure vulnerability exists in Windows dnsclient due to improper handling of certain requests. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to gain access to sensitive information on a targeted workstation. If the target is a server, the attacker can also exploit this issue by tricking the server into sending a DNS query to a malicious DNS server. (CVE-2017-0057)
- An elevation of privilege vulnerability exists in Helppane.exe due to a failure by an unspecified DCOM object, configured to run as the interactive user, to properly authenticate the client. An authenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code in another user's session. (CVE-2017-0100)
- An integer overflow condition exists in the iSNS Server service due to improper validation of input from the client. An unauthenticated, remote attacker can exploit this issue, via a specially crafted application that connects and issues requests to the iSNS server, to execute arbitrary code in the context of the SYSTEM account. (CVE-2017-0104)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012213
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.18228
Should be : 6.3.9600.18603
97833 - MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (uncredentialed check)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by the following vulnerabilities :
- Multiple remote code execution vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted packet, to execute arbitrary code. (CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148)
- An information disclosure vulnerability exists in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information. (CVE-2017-0147)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2017/03/20, Modification date: 2017/03/23
Ports
tcp/445
53382 - MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
Synopsis
Arbitrary code can be executed on the remote host through the Microsoft Foundation Class library.
Description
The remote Windows host contains a version of the Microsoft Foundation Class (MFC) library affected by an insecure library loading vulnerability. The path used for loading external libraries is not securely restricted. An attacker can exploit this by tricking a user into opening an MFC application in a directory that contains a malicious DLL, resulting in arbitrary code execution.
See Also
Solution
Microsoft has released a set of patches for Visual Studio .NET 2003, 2005, and 2008, as well as Visual C++ 2005, 2008, and 2010.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2011/04/13, Modification date: 2016/05/06
Ports
tcp/445
The following Visual C++ Redistributable Package has not been patched :
  Product : Visual C++ 2008 SP1 Redistributable Package 32-bit
  Installed version : 9.0.30729.4148
  Fixed version : 9.0.30729.6161
81264 - MS15-011: Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability due to how the Group Policy service manages policy data when a domain-joined system connects to a domain controller. An attacker, using a controlled network, can exploit this to gain complete control of the host. Note that Microsoft has no plans to release an update for Windows 2003 even though it is affected by this vulnerability.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
I
References
| BID | 72477 |
| CVE | CVE-2015-0008 |
| XREF | OSVDB:118181 |
| XREF | CERT:787252 |
| XREF | MSFT:MS15-011 |
| XREF | IAVA:2015-A-0033 |
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2015/02/10, Modification date: 2015/05/18
Ports
tcp/445
KB 3000483 or a related, subsequent update was successfully installed, but the GPO setting "Hardened UNC Paths" has not been enabled.
87253 - MS15-124: Cumulative Security Update for Internet Explorer (3116180)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3116180. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2015/12/08, Modification date: 2016/04/29
Ports
tcp/445
ASLR hardening settings for Internet Explorer in KB3125869 have not been applied. The following DWORD keys must be created with a value of 1:
- HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\iexplore.exe
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\iexplore.exe
90431 - MS16-037: Cumulative Security Update for Internet Explorer (3148531)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3148531. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/04/12, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\mshtml.dll has not been patched.
  Remote version : 11.0.9600.18231
  Should be : 11.0.9600.18281
90433 - MS16-039: Security Update for Microsoft Graphics Component (3148522)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to a failure to properly handle objects in memory. An attacker can exploit these vulnerabilities to execute arbitrary code in kernel mode. (CVE-2016-0143, CVE-2016-0165, CVE-2016-0167)
- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded fonts. An attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing specially crafted embedded fonts, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0145)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013, Live Meeting 2007 Console, .NET framework 3.0 SP2, .NET framework 3.5, and .NET framework 3.5.1.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/04/12, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll has not been patched.
  Remote version : 3.0.6920.8010
  Should be : 3.0.6920.8712
- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18290
90434 - MS16-040: Security Update for Microsoft XML Core Services (3148541)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability in the Microsoft XML Core Services (MSXML) parser due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this vulnerability, by convincing a user to visit a specially-crafted website that is designed to invoke MSXML through Internet Explorer, to execute arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/04/12, Modification date: 2017/03/21
Ports
tcp/445
- C:\Windows\system32\Msxml3.dll has not been patched.
  Remote version : 8.110.9600.17931
  Should be : 8.110.9600.18258
90437 - MS16-044: Security Update for Windows OLE (3146706)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in Windows OLE due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/04/12, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\ole32.dll has not been patched.
  Remote version : 6.3.9600.18227
  Should be : 6.3.9600.18256
90441 - MS16-048: Security Update for CSRSS (3148528)
Synopsis
The remote host is affected by a security feature bypass vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a security feature bypass vulnerability in the Client-Server Run-time Subsystem (CSRSS) due to improper management of process tokens in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to escalate privileges and execute arbitrary code as an administrator.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/04/12, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\basesrv.dll has not been patched.
  Remote version : 6.3.9600.17933
  Should be : 6.3.9600.18258
91001 - MS16-051: Cumulative Security Update for Internet Explorer (3155533)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3155533. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Exploitable with
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\mshtml.dll has not been patched.
  Remote version : 11.0.9600.18231
  Should be : 11.0.9600.18321
91005 - MS16-055: Security Update for Microsoft Graphics Component (3156754)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple information disclosure vulnerabilities exist in the Windows Graphics component. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the disclosure of memory contents. (CVE-2016-0168, CVE-2016-0169)
- A remote code execution vulnerability exists in the Windows Graphics component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0170)
- A remote code execution vulnerability exists in the Direct3D component due to a use-after-free error. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0170)
- A remote code execution vulnerability exists in the Windows Imaging component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0195)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\Windowscodecs.dll has not been patched.
  Remote version : 6.3.9600.17669
  Should be : 6.3.9600.18302
91007 - MS16-057: Security Update for Windows Shell (3156987)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in Windows Shell due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\Windows.ui.dll has not been patched.
  Remote version : 6.3.9600.17415
  Should be : 6.3.9600.18302
91010 - MS16-060: Security Update for Windows Kernel (3154846)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a privilege escalation vulnerability due to improper parsing of certain symbolic links. A local attacker can exploit this vulnerability, via a specially crafted application, to access privileged registry keys, resulting in an elevation of privileges.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\ntoskrnl.exe has not been patched.
  Remote version : 6.3.9600.18202
  Should be : 6.3.9600.18289
91011 - MS16-061: Security Update for Microsoft RPC (3155520)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability in the Microsoft RPC Network Data Representation (NDR) Engine due to improper handling of memory. An authenticated, remote attacker can exploit this vulnerability, via malformed RPC requests, to execute arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\Rpcrt4.dll has not been patched.
  Remote version : 6.3.9600.17919
  Should be : 6.3.9600.18292
91012 - MS16-062: Security Update for Windows Kernel-Mode Drivers (3158222)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple privilege escalation vulnerabilities exist in the Windows kernel-mode driver due to a failure to properly handle objects in memory. An authenticated, remote attacker can exploit this, via a crafted application, to execute arbitrary code. (CVE-2016-0171, CVE-2016-0173, CVE-2016-0174, CVE-2016-0196)
- A security feature bypass vulnerability exists in the Windows kernel. An authenticated, remote attacker can exploit this, via a crafted application, to bypass the Kernel Address Space Layout Randomization (KASLR) feature and retrieve the memory address of a kernel object. (CVE-2016-0175)
- A privilege escalation vulnerability exists in the DirectX Graphics kernel subsystem due to a failure to properly handle objects in memory. An authenticated, remote attacker can exploit this, via a crafted application, to execute arbitrary code. (CVE-2016-0176)
- A privilege escalation vulnerability exists in the DirectX Graphics kernel subsystem due to a failure to correctly map kernel memory and to handle objects in memory. An authenticated, remote attacker can exploit this, via a crafted application, to execute arbitrary code. (CVE-2016-0197)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18302
91596 - MS16-063: Cumulative Security Update for Internet Explorer (3163649)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3163649. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11. Note that the security update in MS16-077 must also be installed in order to fully resolve CVE-2016-3213.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/06/14, Modification date: 2017/02/06
Ports
tcp/445
- C:\Windows\system32\mshtml.dll has not been patched.
  Remote version : 11.0.9600.18231
  Should be : 11.0.9600.18349
The remote host is missing MS16-077.
91600 - MS16-072: Security Update for Group Policy (3163622)
Synopsis
The remote host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability due to a lack of Kerberos authentication for certain calls over LDAP when processing group policy updates. A man-in-the-middle attacker can exploit this vulnerability to create arbitrary group policies and grant a standard user elevated, administrative privileges.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.1 (CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\gpprefcl.dll has not been patched.
  Remote version : 6.3.9600.17415
  Should be : 6.3.9600.18339
91601 - MS16-073: Security Update for Windows Kernel-Mode Drivers (3164028)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in the kernel-mode driver due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2016-3218, CVE-2016-3221)
- An information disclosure vulnerability exists in the Windows Virtual PCI (VPCI) virtual service provider (VSP) due to improper handling of uninitialized memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose sensitive memory contents. (CVE-2016-3232)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\drivers\vpcivsp.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18340
- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18340
91602 - MS16-074: Security Update for Microsoft Graphics Component (3164036)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the Windows Graphics Component due to a failure to properly handle objects in memory. A local attacker can exploit this to disclose memory contents. (CVE-2016-3216)
- An elevation of privilege vulnerability exists due to a failure to properly handle objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to run processes in an elevated context. (CVE-2016-3219)
- An elevation of privilege vulnerability exists in the Adobe Type Manager Font Driver due to improper handling of objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2016-3220)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\atmfd.dll has not been patched.
  Remote version : 5.1.2.247
  Should be : 5.1.2.248
91603 - MS16-075: Security Update for Windows SMB Server (3164038)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability in the Microsoft Server Message Block (SMB) server when handling forwarded credential requests that are intended for another service running on the same host. An authenticated attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\drivers\srvnet.sys has not been patched.
  Remote version : 6.3.9600.17222
  Should be : 6.3.9600.18340
91604 - MS16-076: Security Update for Netlogon (3167691)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability due to improper handling of objects in memory. A domain-authenticated attacker can exploit this, via a specially crafted Netlogon request to a domain controller, to execute arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows 2008, 2008 R2, 2012, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\wdigest.dll has not been patched.
  Remote version : 6.3.9600.17415
  Should be : 6.3.9600.18334
91607 - MS16-080: Security Update for Microsoft Windows PDF (3164302)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple information disclosure vulnerabilities exist due to improper parsing of .pdf files. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted .pdf file, resulting in the disclosure of sensitive information in the context of the current user. (CVE-2016-3201, CVE-2016-3215)
- A remote code execution vulnerability exists due to improper parsing of .pdf files. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a specially crafted .pdf file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-3203)
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\glcndfilter.dll has not been patched.
  Remote version : 6.3.9600.18229
  Should be : 6.3.9600.18336
92015 - MS16-084: Cumulative Security Update for Internet Explorer (3169991)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3169991. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/07/12, Modification date: 2017/03/22
Ports
tcp/445
- C:\Windows\system32\mshtml.dll has not been patched.
  Remote version : 11.0.9600.18231
  Should be : 11.0.9600.18378
92018 - MS16-087: Security Update for Windows Print Spooler (3170005)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- A remote code execution vulnerability exists in the Windows Print Spooler service due to improper validation of print drivers while installing a printer from network servers. An unauthenticated, remote attacker can exploit this vulnerability, via a man-in-the-middle attack on a workstation or print server or via a rogue print server, to execute arbitrary code in the context of the current user. (CVE-2016-3238)
- An elevation of privilege vulnerability exists in the Windows Print Spooler service due to improperly allowing arbitrary writing to the file system. An attacker can exploit this issue, via a specially crafted script or application, to execute arbitrary code with elevated system privileges. (CVE-2016-3239)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/07/12, Modification date: 2016/08/03
Ports
tcp/445
- C:\Windows\System32\ntprint.dll has not been patched.
  Remote version : 6.3.9600.17415
  Should be : 6.3.9600.18398
92021 - MS16-090: Security Update for Windows Kernel-Mode Drivers (3171481)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in the kernel-mode driver due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2016-3249, CVE-2016-3250, CVE-2016-3252, CVE-2016-3254, CVE-2016-3286)
- An information disclosure vulnerability exists in the Windows GDI component due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose kernel memory addresses. (CVE-2016-3251)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/07/12, Modification date: 2017/03/21
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18377
92023 - MS16-092: Security Update for Windows Kernel (3171910)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- A security feature bypass vulnerability exists in the Windows kernel due to improper validation of how a low integrity application can use certain object manager features. An attacker can exploit this issue to take advantage of time-of-check time-of-use (TOCTOU) issues in file path-based checks from a low integrity application, allowing the attacker to modify files outside of a low integrity level application. (CVE-2016-3258)
- An information disclosure vulnerability exists in the Windows kernel due to a failure to properly handle certain page fault system calls. A local attacker can exploit this, via a specially crafted application, to disclose information from one process to another. (CVE-2016-3272)
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/07/12, Modification date: 2016/08/03
Ports
tcp/445
The registry does not contain the update to DisablePageCombining
- C:\Windows\system32\ntoskrnl.exe has not been patched.
  Remote version : 6.3.9600.18202
  Should be : 6.3.9600.18378
92025 - MS16-094: Security Update for Secure Boot (3177404)
Synopsis
The remote host is affected by a security bypass vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a security bypass vulnerability in the Secure Boot component due to improperly applying an affected policy. An attacker who has either administrative privileges or access to the host can exploit this issue, via installing a crafted policy, to disable code integrity checks, thus allowing test-signed executables and drivers to be loaded on the target host. Moreover, the attacker can exploit this issue to bypass the Secure Boot integrity validation for BitLocker and the device encryption security features.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/07/12, Modification date: 2016/08/03
Ports
tcp/445
The relevant update does not appear to be installed. This was determined by checking the contents of : C:\Windows\System32\CodeIntegrity\driver.stl
92819 - MS16-095: Cumulative Security Update for Internet Explorer (3177356)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3177356. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/08/09, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\mshtml.dll has not been patched. Remote version : 11.0.9600.18231 Should be : 11.0.9600.18427
92821 - MS16-098: Security Update for Windows Kernel-Mode Drivers (3178466)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the Windows kernel-mode driver due to a failure to properly handle objects in memory. An authenticated, remote attacker can exploit these issues, via a crafted application, to execute arbitrary code in kernel mode.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/08/09, Modification date: 2017/01/06
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18405
92822 - MS16-100: Security Update for Secure Boot (3179577)
Synopsis
The remote Windows host is affected by a security bypass vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a security bypass vulnerability in Secure Boot due to improper handling of malicious boot managers. An attacker with administrative privileges can exploit this vulnerability to bypass code integrity checks and load test-signed executables and drivers.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10. Alternatively, as a workaround, configure BitLocker to use Trusted Platform Module (TPM)+PIN protection or disable Secure Boot integrity protection of BitLocker per the vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.2 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/08/09, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\tpmtasks.dll has not been patched. Remote version : 6.3.9600.17415 Should be : 6.3.9600.18408
92823 - MS16-101: Security Update for Windows Authentication Methods (3178465)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- A security downgrade vulnerability exists in Kerberos due to improper handling of password change requests. A man-in-the-middle attacker can exploit this to cause the authentication protocol to fall back to the NT LAN Manager (NTLM) authentication protocol, resulting in a bypass of Kerberos authentication. (CVE-2016-3237)
- An elevation of privilege vulnerability exists in Windows Netlogon due to a failure to properly establish secure communications to a domain controller. A local attacker who has access to a domain-joined machine that points to a domain controller running either Windows Server 2012 or 2012 R2 can exploit this vulnerability to gain elevated privileges via a specially crafted application. (CVE-2016-3300)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/08/09, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\netlogon.dll has not been patched. Remote version : 6.3.9600.17901 Should be : 6.3.9600.18405
92824 - MS16-102: Security Update for Microsoft Windows PDF Library (3182248)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the Microsoft Windows PDF Library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a specially crafted PDF file or visit a website containing specially crafted PDF content, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/08/09, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\windows.data.pdf.dll has not been patched. Remote version : 6.3.9600.18229 Should be : 6.3.9600.18403
92843 - MS16-097: Security Update for Microsoft Graphics Component (3177393)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the Graphics component due to improper handling of embedded fonts by the Windows font library. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a malicious website or open a specially crafted document file, to execute arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/08/10, Modification date: 2017/01/05
Ports
tcp/445
None of the versions of 'GdiPlus.dll' under C:\Windows\WinSxS have been patched. Fixed version : 6.3.9600.18405
93464 - MS16-104: Cumulative Security Update for Internet Explorer (3183038)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3183038. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11. Note that MS16-116 must also be installed to fully resolve CVE-2016-3375.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/09/13, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\mshtml.dll has not been patched. Remote version : 11.0.9600.18231 Should be : 11.0.9600.18450
93466 - MS16-106: Security Update for Microsoft Graphics Component (3185848)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- Multiple elevation of privilege vulnerabilities exist in Windows kernel-mode drivers due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2016-3348, CVE-2016-3349)
- An information disclosure vulnerability exists in the Graphics Device Interface (GDI) due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to circumvent the Address Space Layout Randomization (ASLR) feature and disclose sensitive memory information. (CVE-2016-3354)
- An elevation of privilege vulnerability exists in the Graphics Device Interface (GDI) due to improper handling of objects in memory. An authenticated, remote attacker can exploit this to run arbitrary code in kernel mode. (CVE-2016-3355)
- An unspecified flaw exists in the Graphics Device Interface (GDI) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a malicious document, to execute arbitrary code in the context of the current user. (CVE-2016-3356)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/09/13, Modification date: 2017/03/21
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18439
93469 - MS16-110: Security Update for Microsoft Windows (3178467)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- An elevation of privilege vulnerability exists due to a failure to properly enforce permissions when loading specially crafted DLLs. A local attacker can exploit this vulnerability to execute arbitrary code with administrator privileges. (CVE-2016-3346)
- An information disclosure vulnerability exists due to a failure to properly validate NT LAN Manager (NTLM) Single Sign-On (SSO) requests during Microsoft Account (MSA) login sessions. An unauthenticated, remote attacker can exploit this vulnerability, by convincing a user to load a malicious document that initiates an NTLM SSO validation request or to visit a malicious website or SMB / UNC path destination, to disclose a user's NTLM password hash. (CVE-2016-3352)
- A remote code execution vulnerability exists due to improper handling of objects in memory. A remote attacker with a domain user account can exploit this vulnerability, via a specially crafted request, to execute arbitrary code with elevated permissions. (CVE-2016-3368)
- A denial of service vulnerability exists due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to cause the system to stop responding. (CVE-2016-3369)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/09/13, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\ntdsai.dll has not been patched. Remote version : 6.3.9600.18009 Should be : 6.3.9600.18435
93470 - MS16-111: Security Update for Windows Kernel (3186973)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- Multiple elevation of privilege vulnerabilities exist due to improper handling of session objects. A local attacker can exploit these, via a specially crafted application, to hijack the session of another user. (CVE-2016-3305, CVE-2016-3306)
- A flaw exists in the Windows Kernel API due to improper enforcement of permissions. A local attacker can exploit this, via a specially crafted application, to elevate privileges and thereby disclose potentially sensitive information. (CVE-2016-3371)
- An elevation of privilege vulnerability exists in the Windows Kernel API due to improper enforcement of permissions. A local attacker can exploit this, via a specially crafted application, to impersonate processes, interject cross-process communication, or interrupt system functionality. (CVE-2016-3372)
- A flaw exists in the Windows Kernel API due to improperly allowing access to sensitive registry information. A local attacker can exploit this, via a specially crafted application, to elevate privileges and thereby gain access to user account information. (CVE-2016-3373)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Exploitable with
CANVAS (true)
Plugin Information:
Publication date: 2016/09/13, Modification date: 2017/03/21
Ports
tcp/445
- C:\Windows\system32\ntoskrnl.exe has not been patched. Remote version : 6.3.9600.18202 Should be : 6.3.9600.18438
93471 - MS16-112: Security Update for Windows Lock Screen (3178469)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability due to improperly allowing web content to load from the Windows lock screen. A local attacker can exploit this, by connecting to a maliciously configured WiFi hotspot or by inserting a mobile broadband adapter, to elevate privileges and execute arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
6.8 (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/09/13, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\pnidui.dll has not been patched. Remote version : 6.3.9600.17415 Should be : 6.3.9600.18434
93473 - MS16-114: Security Update for Windows SMBv1 Server (3185879)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the Microsoft Server Message Block 1.0 (SMBv1) Server due to improper handling of certain requests. An authenticated, remote attacker can exploit this, via specially crafted packets, to cause a denial of service condition or the execution of arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/09/13, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\drivers\srv.sys has not been patched. Remote version : 6.3.9600.17238 Should be : 6.3.9600.18432
93651 - MS16-116: Security Update in OLE Automation for VBScript Scripting Engine (3188724)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the Microsoft OLE Automation mechanism and the VBScript Scripting Engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. Note that MS16-104 must also be installed in order to fully resolve the vulnerability.
See Also
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/09/22, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\Oleaut32.dll has not been patched. Remote version : 6.3.9600.17415 Should be : 6.3.9600.18434
94011 - MS16-118: Cumulative Security Update for Internet Explorer (3192887)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3192887. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11. Note that security update 3193515 in MS16-126 must also be installed in order to fully resolve CVE-2016-3298 on Windows Vista and Windows Server 2008.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/10/12, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3192392 - 3185331 C:\Windows\System32\Gdiplus.dll has not been patched. Remote version : 6.3.9600.18123 Should be : 6.3.9600.18468
94012 - MS16-123: Security Update for Windows Kernel-Mode Drivers (3192892)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2016-3266, CVE-2016-3376, CVE-2016-7185, CVE-2016-7191)
- An elevation of privilege vulnerability exists in Windows Transaction Manager due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute processes in an elevated context. (CVE-2016-3341)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/10/12, Modification date: 2017/03/13
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3192392 - 3185331 C:\Windows\System32\Gdiplus.dll has not been patched. Remote version : 6.3.9600.18123 Should be : 6.3.9600.18468
94017 - MS16-120: Security Update for Microsoft Graphics Component (3192884)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- Multiple information disclosure vulnerabilities exist in the Windows GDI component due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to predict memory offsets in a call stack and bypass the Address Space Layout Randomization (ASLR) feature, resulting in the disclosure of memory contents. (CVE-2016-3209, CVE-2016-3262, CVE-2016-3263)
- An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this to elevate privileges and execute code in kernel mode. (CVE-2016-3270)
- A remote code execution vulnerability exists in the Windows GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-3393)
- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded fonts. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-3396)
- An elevation of privilege vulnerability exists in the Windows GDI component due to improper handling of objects in memory. A local attacker can exploit this to elevate privileges and execute code in kernel mode. (CVE-2016-7182)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013, Live Meeting 2007 Console, .NET Framework 3.0 SP2, .NET Framework 3.5, .NET Framework 3.5.1, .NET Framework 4.5.2, .NET Framework 4.6, and Silverlight 5.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/10/12, Modification date: 2017/02/28
Ports
tcp/445
- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll has not been patched. Remote version : 3.0.6920.8010 Should be : 3.0.6920.8720 The remote host is missing one of the following rollup KBs : - 3192392 - 3185331 C:\Windows\System32\Gdiplus.dll has not been patched. Remote version : 6.3.9600.18123 Should be : 6.3.9600.18468
94631 - MS16-130: Security Update for Microsoft Windows (3199172)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update or security rollup. It is, therefore, affected by the following vulnerabilities:
- A remote code execution vulnerability exists in the Windows image file handling functionality due to improper handling of image files. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a specially crafted image file from a web page or email message, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7212)
- An elevation of privilege vulnerability exists in Windows Input Method Editor (IME) due to improper loading of DLL files. A local attacker can exploit this, via a specially crafted application, to elevate privileges. (CVE-2016-7221)
- An elevation of privilege vulnerability exists in Windows Task Scheduler due to improper handling of UNC paths. An authenticated, remote attacker can exploit this vulnerability by scheduling a new task with a specially crafted UNC path, resulting in the execution of arbitrary code with elevated system privileges. (CVE-2016-7222)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3197873 - 3197874 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18524
94633 - MS16-132: Security Update for Microsoft Graphics Component (3199120)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- A remote code execution vulnerability exists in the Windows Animation Manager due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7205)
- An information disclosure vulnerability exists in the ATMFD component due to improper handling of Open Type fonts. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the disclosure of sensitive information. (CVE-2016-7210)
- A remote code execution vulnerability exists in the Windows Media Foundation due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7217)
- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded Open Type fonts. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7256)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3197873 - 3197874 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18524
94635 - MS16-134: Security Update for Common Log File System Driver (3193706)
Synopsis
The remote host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities in the Windows Common Log File System (CLFS) driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/19
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3197873 - 3197874 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18524
94636 - MS16-135: Security Update for Windows Kernel-Mode Drivers (3199135)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- An information disclosure vulnerability exists in the Windows kernel that allows a local attacker, via a specially crafted application, to bypass the Address Space Layout Randomization (ASLR) feature and retrieve the memory address of a kernel object. (CVE-2016-7214)
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2016-7215, CVE-2016-7246, CVE-2016-7255)
- An information disclosure vulnerability exists in the bowser.sys kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2016-7218)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:X)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:ND)
STIG Severity
II
References
Exploitable with
CANVAS (true)
Core Impact (true)
Plugin Information:
Publication date: 2016/11/08, Modification date: 2017/03/21
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3197873 - 3197874 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18524
|
94638 - MS16-137: Security Update for Windows Authentication Methods (3199173) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- An information disclosure vulnerability exists in Windows Virtual Secure Mode due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2016-7220)
- A denial of service vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when handling specially crafted requests. An authenticated, remote attacker can exploit this to cause the host to become non-responsive. (CVE-2016-7237)
- An elevation of privilege vulnerability exists due to improper handling of NTLM password change requests. An authenticated, remote attacker can exploit this, via a specially crafted application, to gain administrative privileges. (CVE-2016-7238)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:C)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/11/08, Modification date: 2017/03/08
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3197873 - 3197874 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18524
|
94639 - MS16-138: Security Update for Microsoft Virtual Hard Disk Driver (3199647) |
Synopsis
The remote host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities in the Windows Virtual Hard Disk Driver due to improper handling of user access to certain files. A local attacker can exploit these, via a specially crafted application, to manipulate files not intended to be available to the user.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3197873 - 3197874 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18524
|
94641 - MS16-140: Security Update for Boot Manager (3193479) |
Synopsis
The remote host is affected by a security bypass vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3197873 - 3197874 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18524
|
94643 - MS16-142: Cumulative Security Update for Internet Explorer (3198467) |
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3198467. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/19
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3197873 - 3197874 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18524
|
95764 - MS16-144: Cumulative Security Update for Internet Explorer (3204059) |
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3204059. It is, therefore, affected by multiple vulnerabilities, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11. Note that security update 3208481 in MS16-144 must also be installed in order to fully resolve CVE-2016-7278 on Windows Vista and Windows Server 2008.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/12/13, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3205400 - 3205401 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18533
|
95765 - MS16-146: Security Update for Microsoft Graphics Component (3204066) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- An information disclosure vulnerability exists in the Windows GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted document file, to disclose the contents of memory. (CVE-2016-7257)
- Multiple remote code execution vulnerabilities exist in the Windows Graphics Component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted document file, to execute arbitrary code in the context of the current user. (CVE-2016-7272, CVE-2016-7273)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/12/13, Modification date: 2016/12/19
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3205400 - 3205401 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18533
|
95766 - MS16-147: Security Update for Microsoft Uniscribe (3204063) |
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in Windows Uniscribe due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/12/13, Modification date: 2016/12/19
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3205400 - 3205401 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18533
|
95768 - MS16-151: Security Update for Windows Kernel-Mode Drivers (3205651) |
Synopsis
The remote host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities:
- An elevation of privilege vulnerability exists in the Windows Graphics Component due to improper handling of objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2016-7259)
- An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2016-7260)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/12/13, Modification date: 2017/01/18
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3205400 - 3205401 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18533
|
95813 - MS16-149: Security Update for Microsoft Windows (3205655) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- An information disclosure vulnerability exists in a Windows Crypto driver running in kernel mode due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2016-7219)
- An elevation of privilege vulnerability exists in the Windows installer due to improper sanitization of input, leading to insecure library loading behavior. A local attacker can exploit this to run arbitrary code with elevated system privileges. (CVE-2016-7292)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/12/14, Modification date: 2017/01/11
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3205400 - 3205401 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18533
|
97729 - MS17-006: Cumulative Security Update for Internet Explorer (4013073) |
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 4013073. It is, therefore, affected by multiple vulnerabilities, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11. Note that security update 3218362 in MS17-006 must also be installed in order to fully resolve CVE-2017-0008 on Windows Vista and Windows Server 2008.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/14, Modification date: 2017/03/21
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 4012204 - 4012216 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18603
|
97731 - MS17-009: Security Update for Microsoft Windows PDF Library (4010319) |
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the Windows PDF Library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability, by convincing a user to open a specially crafted PDF file or visit a website containing specially crafted PDF content, to execute arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/14, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 4012213 - 4012216 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18603
|
97732 - MS17-011: Security Update for Microsoft Uniscribe (4013076) |
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- Multiple remote code execution vulnerabilities exist in Windows Uniscribe due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these to execute arbitrary code by convincing a user to view a specially crafted website or open a specially crafted document file. (CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, CVE-2017-0090)
- Multiple information disclosure vulnerabilities exist in Windows Uniscribe that allow an unauthenticated, remote attacker to gain access to sensitive information by convincing a user to view a specially crafted website or open a specially crafted document file. (CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, CVE-2017-0128)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/14, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 4012213 - 4012216 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18603
|
97733 - MS17-017: Security Update for Windows Kernel (4013081) |
Synopsis
The remote Windows host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities:
- An elevation of privilege vulnerability exists in the Windows Kernel API due to improper enforcement of permissions. A local attacker can exploit this, via a specially crafted application, to run processes in an elevated context. (CVE-2017-0050)
- An elevation of privilege vulnerability exists in the Windows Transaction Manager due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run processes in an elevated context. (CVE-2017-0101)
- An elevation of privilege vulnerability exists due to a failure to check the length of a buffer prior to copying memory. A local attacker can exploit this, by copying a file to a shared folder or drive, to gain elevated privileges. (CVE-2017-0102)
- An elevation of privilege vulnerability exists in the Windows Kernel API due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0103)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/14, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 4012213 - 4012216 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18603
|
97738 - MS17-018: Security Update for Windows Kernel-Mode Drivers (4013083) |
Synopsis
The remote Windows host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 4012213 - 4012216 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18603
|
97794 - MS17-013: Security Update for Microsoft Graphics Component (4013075) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- Multiple elevation of privilege vulnerabilities exist in the Windows Graphics Device Interface (GDI) component due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2017-0001, CVE-2017-0005, CVE-2017-0025, CVE-2017-0047)
- Multiple remote code execution vulnerabilities exist in the Windows Graphics component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted web page or open a specially crafted document, to execute arbitrary code. (CVE-2017-0014, CVE-2017-0108)
- An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page or open a specially crafted document, to disclose the contents of memory. (CVE-2017-0038)
- Multiple information disclosure vulnerabilities exist in the Windows Graphics Device Interface (GDI) component due to improper handling of memory addresses. A local attacker can exploit these vulnerabilities, via a specially crafted application, to disclose sensitive information. (CVE-2017-0060, CVE-2017-0062, CVE-2017-0073)
- Multiple information disclosure vulnerabilities exist in the Color Management Module (ICM32.dll) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to disclose sensitive information and bypass usermode Address Space Layout Randomization (ASLR). (CVE-2017-0061, CVE-2017-0063)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013, Live Meeting 2007 Console, and Silverlight 5.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/17, Modification date: 2017/03/22
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 4012213 - 4012216 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18603
|
78447 - MS KB3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure (POODLE) |
Synopsis
The remote host is affected by a remote information disclosure vulnerability.
Description
The remote host is missing one of the workarounds referenced in the Microsoft Security Advisory 3009008.
If the client registry key workaround has not been applied, any client software installed on the remote host (including IE) is affected by an information disclosure vulnerability when using SSL 3.0.
If the server registry key workaround has not been applied, any server software installed on the remote host (including IIS) is affected by an information disclosure vulnerability when using SSL 3.0.
SSL 3.0 uses nondeterministic CBC padding, which allows a man-in-the-middle attacker to decrypt portions of encrypted traffic using a 'padding oracle' attack. This is also known as the 'POODLE' issue.
See Also
Solution
Apply the client registry key workaround and the server registry key workaround suggested by Microsoft in the advisory.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.1 (CVSS2#E:U/RL:TF/RC:UR)
References
Plugin Information:
Publication date: 2014/10/15, Modification date: 2016/08/30
Ports
tcp/445
The workaround to disable SSL 3.0 for all server software installed on the remote host has not been applied. The workaround to disable SSL 3.0 for all client software installed on the remote host has not been applied.
|
90440 - MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) |
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept communications between a client and a server hosting a SAM database can exploit this to force the authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the SAM database.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
| BID | 86002 |
| CVE | CVE-2016-0128 |
| XREF | OSVDB:136339 |
| XREF | MSFT:MS16-047 |
| XREF | CERT:813296 |
| XREF | IAVA:2016-A-0093 |
Plugin Information:
Publication date: 2016/04/12, Modification date: 2016/07/19
Ports
tcp/445
- C:\Windows\system32\lsasrv.dll has not been patched. Remote version : 6.3.9600.18154 Should be : 6.3.9600.18267
|
91014 - MS16-065: Security Update for .NET Framework (3156757) |
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in the .NET Framework encryption component. A man-in-the-middle attacker can exploit this vulnerability by injecting unencrypted data into the secure channel between a targeted client and a legitimate server, allowing the attacker to decrypt encrypted SSL/TLS traffic.
See Also
Solution
Microsoft has released a set of patches for Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1.
Risk Factor
Medium
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.dll has not been patched. Remote version : 2.0.50727.8009 Should be : 2.0.50727.8686 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.dll has not been patched. Remote version : 4.6.1055.0 Should be : 4.6.1075.0
|
91016 - MS16-067: Security Update for Volume Manager Driver (3155784) |
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability due to a failure to correctly tie the session of the mounting user to the USB disk being mounted. This issue occurs when the USB disk is mounted over the Remote Desktop Protocol (RDP) via RemoteFX. An attacker can exploit this to access the file and directory information on the mounted USB disk.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\drivers\volmgr.sys has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18302
|
91045 - MS KB3155527: Update to Cipher Suites for FalseStart |
Synopsis
The remote Windows host is affected by a cipher downgrade vulnerability.
Description
The remote Windows host is affected by a cipher downgrade vulnerability in FalseStart due to allowing TLS clients to send application data before receiving and verifying the server 'Finished' message. A man-in-the-middle attacker can exploit this to force a TLS client to encrypt the first flight of application_data records using an attacker's chosen cipher suite from the client's list.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Plugin Information:
Publication date: 2016/05/11, Modification date: 2016/05/11
Ports
tcp/445
- C:\Windows\system32\schannel.dll has not been patched. Remote version : 6.3.9600.18154 Should be : 6.3.9600.18298
|
91608 - MS16-081: Security Update for Active Directory (3160352) |
Synopsis
The remote host is affected by a denial of service vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a denial of service vulnerability in Active Directory. An authenticated, remote attacker can exploit this, via the creation of multiple machine accounts, to cause the Active Directory service to stop responding. Note that an attacker must have access to an account that has privileges to join machines to the domain in order to exploit this vulnerability.
See Also
Solution
Microsoft has released a set of patches for Windows 2008 R2, 2012, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score
3.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\Ntdsai.dll has not been patched. Remote version : 6.3.9600.18009 Should be : 6.3.9600.18331
|
91609 - MS16-082: Security Update for Microsoft Windows Search Component (3165270) |
Synopsis
The remote host is affected by a denial of service vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a flaw in the Windows Search component due to improper handling of objects in memory. An authenticated attacker can exploit this to degrade server performance, resulting in a denial of service condition.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score
3.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\structuredquery.dll has not been patched. Remote version : 7.0.9600.17415 Should be : 7.0.9600.18334

92022 - MS16-091: Security Update for .NET Framework (3170048)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in .NET Framework due to improper processing of XML input containing a reference to an external entity. An unauthenticated, remote attacker can exploit this, via specially crafted XML data, to read arbitrary files.
See Also
Solution
Microsoft has released a set of patches for Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/07/12, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.data.dll has not been patched.
  Remote version : 2.0.50727.8007
  Should be : 2.0.50727.8692
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.data.dll has not been patched.
  Remote version : 4.6.1055.0
  Should be : 4.6.1082.0

93474 - MS16-115: Security Update for Microsoft Windows PDF Library (3188733)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple information disclosure vulnerabilities in the Windows PDF Library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability, by convincing a user to open a specially crafted PDF file or visit a website containing specially crafted PDF content, to disclose sensitive information from memory.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS v3.0 Base Score
4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
3.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.4 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/09/13, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\windows.data.pdf.dll has not been patched.
  Remote version : 6.3.9600.18229
  Should be : 6.3.9600.18454

97736 - MS17-021: Security Update for Windows DirectShow (4010318)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in Windows DirectShow due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted media content, to disclose sensitive information.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016. Note that the Microsoft Bulletin contains contradictory information regarding the Windows 2012 Security Only Update and the Windows 2012 Monthly Rollup Update. These updates may not resolve the vulnerability. Please contact Microsoft for clarification if you are running Windows 2012.
Risk Factor
Medium
CVSS v3.0 Base Score
4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE: CVE-2017-0042
XREF: OSVDB:153672
XREF: MSFT:MS17-021
XREF: IAVB:2017-B-0031
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012213
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.18228
Should be : 6.3.9600.18603

97741 - MS17-016: Security Update for Windows IIS (4013074)
Synopsis
The remote Windows host is affected by a cross-site scripting vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Medium
CVSS v3.0 Base Score
4.7 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012213
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.18228
Should be : 6.3.9600.18603

97742 - MS17-022: Security Update for Microsoft XML Core Services (4010321)
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote Windows host is affected by an information disclosure vulnerability in Microsoft XML Core Services (MSXML) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability, by convincing a user to visit a specially crafted website, to test for the presence of files on disk.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Medium
CVSS v3.0 Base Score
4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012213
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.18228
Should be : 6.3.9600.18603

11457 - Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
Synopsis
User credentials are stored in memory.
Description
The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\CachedLogonsCount' is non-NULL. Using a non-NULL value for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC).
See Also
Solution
Use regedt32 and set the value of this registry key to 0.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2003/03/24, Modification date: 2016/06/24
Ports
tcp/445
Max cached logons : 10

94013 - MS16-124: Security Update for Windows Registry (3193227)
Synopsis
The remote host is affected by multiple information disclosure vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple information disclosure vulnerabilities in the kernel API that allow a local attacker, via a specially crafted application, to disclose sensitive registry information.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Low
CVSS v3.0 Base Score
3.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVSS Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
1.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/10/12, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3185331
- 3192392
C:\Windows\System32\Gdiplus.dll has not been patched.
Remote version : 6.3.9600.18123
Should be : 6.3.9600.18468

95770 - MS16-153: Security Update for Common Log File System Driver (3207328)
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in the Windows Common Log File System (CLFS) due to improper handling of objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to bypass security measures and disclose sensitive information.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Low
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
1.6 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/12/13, Modification date: 2016/12/19
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3205400
- 3205401
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.18228
Should be : 6.3.9600.18533

10394 - Microsoft Windows SMB Log In Possible
Synopsis
It was possible to log into the remote host.
Description
The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts :
- NULL session
- Guest account
- Supplied credentials
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/05/09, Modification date: 2017/01/19
Ports
tcp/445
- NULL sessions are enabled on the remote host.
- The SMB tests will be done as Administrator/******

10395 - Microsoft Windows SMB Shares Enumeration
Synopsis
It is possible to enumerate remote network shares.
Description
By connecting to the remote host, Nessus was able to enumerate the network share names.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/05/09, Modification date: 2015/01/12
Ports
tcp/445
Here are the SMB shares available on the remote host when logged in as Administrator:
- ADMIN$
- C$
- IPC$
- NETLOGON
- nmdfs
- SYSVOL

10396 - Microsoft Windows SMB Shares Access
Synopsis
It is possible to access a network share.
Description
The remote host has one or more Windows shares that can be accessed through the network with the given credentials. Depending on the share rights, it may allow an attacker to read / write confidential data.
Solution
To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click on 'permissions'.
Risk Factor
None
References
Plugin Information:
Publication date: 2000/05/09, Modification date: 2015/11/18
Ports
tcp/445
The following shares can be accessed as Administrator :
- SYSVOL - (readable,writable)
  + Content of this share : .. bld01sec.se
- ADMIN$ - (readable,writable)
  + Content of this share : .. $Reconfig$ ADFS ADWS AppCompat apppatch AppReadiness assembly bfsvc.exe Boot bootstat.dat Branding CbsTemp certenroll.log certocm.log Cursors debug DesktopTileResources DfsrAdmin.exe DfsrAdmin.exe.config diagerr.xml diagnostics diagwrn.xml DigitalLocker Downloaded Program Files drivers DtcInstall.log ELAMBKUP en-US explorer.exe Fonts Globalization Help HelpPane.exe hh.exe IME ImmersiveControlPanel Inf InputMethod Installer krb5.ini krb5.keytab L2Schemas LiveKernelReports Logs media mib.bin Microsoft.NET ModemLogs NTDS Offline Web Pages Panther PFRO.log PLA PolicyDefinitions Provisioning regedit.exe Registration RemotePackages rescache Resources SchCache schemas security ServerStandard.xml ServerWeb.xml ServiceProfiles servicing Setup setupact.log setuperr.log SoftwareDistribution Speech splwow64.exe System system.ini System32 SystemResources SYSVOL SysWOW64 TAPI Tasks Temp ToastData tracing vmgcoinstall.log Vss Web win.ini WindowsShell.Manifest WindowsUpdate.log winhlp32.exe WinSxS
- C$ - (readable,writable)
  + Content of this share : .rnd Boot bootmgr BOOTNXT BOOTSECT.BAK DFSRoots Documents and Settings pagefile.sys Program Files Program Files (x86) ProgramData Recovery System Volume Information Temp Users Windows
- NETLOGON - (readable,writable)
  + Content of this share : .. installed.txt netstat.txtx service-status.txt systemctl.txt users.txt
- nmdfs - (readable)
  + Content of this share : .. cim de public scada

10398 - Microsoft Windows SMB LsaQueryInformationPolicy Function NULL Session Domain SID Enumeration
Synopsis
It was possible to obtain the domain SID.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the domain SID (Security Identifier). The domain SID can then be used to get the list of users of the domain.
Solution
n/a
Risk Factor
None
References
Plugin Information:
Publication date: 2000/05/09, Modification date: 2016/11/15
Ports
tcp/445
The remote domain SID value is : 1-5-21-2770019732-1922860174-1796585773

10399 - SMB Use Domain SID to Enumerate Users
Synopsis
Nessus was able to enumerate domain users.
Description
Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system.
Solution
n/a
Risk Factor
None
References
Plugin Information:
Publication date: 2000/05/09, Modification date: 2017/02/02
Ports
tcp/445
- Administrator (id 500, Administrator account)
- krbtgt (id 502, Kerberos account)
- Guest (id 501, Guest account)
- BLDAD01$ (id 1001)
- BLDDE01$ (id 1104)
- de400$ (id 1105)
- hisspd (id 1110)
- netman (id 1111)
- oracle (id 1112)
- nmoper (id 1113)
- nmuser (id 1114)
- nmadmin (id 1115)
- nmsbldad01$ (id 1116)
- nmsbldde01$ (id 1117)
- nmsNMSCADAbldas01$ (id 1118)
- hostbldas01$ (id 1119)
- nmsNMSCADAbldas02$ (id 1120)
- hostbldas02$ (id 1121)
- nmsORADBbldas01$ (id 1122)
- nmsORADBbldas02$ (id 1123)
- linux-ldap-user (id 1124)
- ws500 (id 1125)
- sadmin (id 1126)
- operator1 (id 1127)
- operator2 (id 1128)
- operator3 (id 1129)
- operator4 (id 1130)
- operator5 (id 1131)
- operator6 (id 1132)
- operator7 (id 1133)
- instructor (id 1134)
- is500 (id 1135)
- NmScadaFileUser (id 1136)
- udwexplorer$ (id 1141)
- pcu400$ (id 1142)
Note that, in addition to the Administrator, Guest, and Kerberos accounts, Nessus has enumerated only those domain users with IDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for this plugin, then re-run the scan.

10400 - Microsoft Windows SMB Registry Remotely Accessible
Synopsis
Access the remote Windows Registry.
Description
It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/05/09, Modification date: 2015/01/12
Ports
tcp/445

10413 - Microsoft Windows SMB Registry : Remote PDC/BDC Detection
Synopsis
The remote system is a Domain Controller.
Description
The remote host seems to be a Primary Domain Controller or a Backup Domain Controller. This can be verified by the value of the registry key 'ProductType' under 'HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions'.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/05/20, Modification date: 2015/01/12
Ports
tcp/445

10456 - Microsoft Windows SMB Service Enumeration
Synopsis
It is possible to enumerate remote services.
Description
This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host. An attacker may use this feature to gain better knowledge of the remote host.
Solution
To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only trusted users can access your host, and/or you should filter incoming traffic to this port.
Risk Factor
None
Plugin Information:
Publication date: 2000/07/03, Modification date: 2015/01/12
Ports
tcp/445
Active Services : Active Directory Web Services [ ADWS ] Application Management [ AppMgmt ] AppX Deployment Service (AppXSVC) [ AppXSvc ] Base Filtering Engine [ BFE ] Background Tasks Infrastructure Service [ BrokerInfrastructure ] Certificate Propagation [ CertPropSvc ] Active Directory Certificate Services [ CertSvc ] COM+ System Application [ COMSysApp ] Cryptographic Services [ CryptSvc ] DCOM Server Process Launcher [ DcomLaunch ] DFS Namespace [ Dfs ] DFS Replication [ DFSR ] DHCP Client [ Dhcp ] DHCP Server [ DHCPServer ] DNS Server [ DNS ] DNS Client [ Dnscache ] Diagnostic Policy Service [ DPS ] Windows Event Log [ EventLog ] COM+ Event System [ EventSystem ] Windows Font Cache Service [ FontCache ] Group Policy Client [ gpsvc ] IKE and AuthIP IPsec Keying Modules [ IKEEXT ] IP Helper [ iphlpsvc ] Intersite Messaging [ IsmServ ] Kerberos Key Distribution Center [ Kdc ] Microsoft Key Distribution Service [ KdsSvc ] CNG Key Isolation [ KeyIso ] Server [ LanmanServer ] Workstation [ LanmanWorkstation ] TCP/IP NetBIOS Helper [ lmhosts ] Local Session Manager [ LSM ] Windows Firewall [ MpsSvc ] Distributed Transaction Coordinator [ MSDTC ] Netlogon [ Netlogon ] Network Connections [ Netman ] Network List Service [ netprofm ] Network Location Awareness [ NlaSvc ] Network Store Interface Service [ nsi ] Active Directory Domain Services [ NTDS ] Plug and Play [ PlugPlay ] IPsec Policy Agent [ PolicyAgent ] Power [ Power ] User Profile Service [ ProfSvc ] Remote Registry [ RemoteRegistry ] RPC Endpoint Mapper [ RpcEptMapper ] Remote Procedure Call (RPC) [ RpcSs ] Security Accounts Manager [ SamSs ] Task Scheduler [ Schedule ] System Event Notification Service [ SENS ] Remote Desktop Configuration [ SessionEnv ] Shell Hardware Detection [ ShellHWDetection ] SNMP Service [ SNMP ] Print Spooler [ Spooler ] System Events Broker [ SystemEventsBroker ] Remote Desktop Services [ TermService ] Themes [ Themes ] User Access Logging Service [ UALSVC ] Remote Desktop 
Services UserMode Port Redirector [ UmRdpService ] Virtual Disk [ vds ] VMware Alias Manager and Ticket Service [ VGAuthService ] VMware Tools [ VMTools ] Windows Time [ W32Time ] Windows Connection Manager [ Wcmsvc ] Windows Management Instrumentation [ Winmgmt ] Windows Remote Management (WS-Management) [ WinRM ] nxlog [ nxlog ] Inactive Services : Application Experience [ AeLookupSvc ] Application Layer Gateway Service [ ALG ] Application Identity [ AppIDSvc ] Application Information [ Appinfo ] App Readiness [ AppReadiness ] Windows Audio Endpoint Builder [ AudioEndpointBuilder ] Windows Audio [ Audiosrv ] Background Intelligent Transfer Service [ BITS ] Computer Browser [ Browser ] Optimize drives [ defragsvc ] Device Association Service [ DeviceAssociationService ] Device Install Service [ DeviceInstall ] Wired AutoConfig [ dot3svc ] Device Setup Manager [ DsmSvc ] DS Role Server [ DsRoleSvc ] Extensible Authentication Protocol [ Eaphost ] Encrypting File System (EFS) [ EFS ] Function Discovery Provider Host [ fdPHost ] Function Discovery Resource Publication [ FDResPub ] Windows Presentation Foundation Font Cache 3.0.0.0 [ FontCache3.0.0.0 ] Human Interface Device Service [ hidserv ] Health Key and Certificate Management [ hkmsvc ] Internet Explorer ETW Collector Service [ IEEtwCollectorService ] KDC Proxy Server service (KPS) [ KPSSVC ] KtmRm for Distributed Transaction Coordinator [ KtmRm ] Link-Layer Topology Discovery Mapper [ lltdsvc ] Multimedia Class Scheduler [ MMCSS ] Microsoft iSCSI Initiator Service [ MSiSCSI ] Windows Installer [ msiserver ] Network Access Protection Agent [ napagent ] Network Connectivity Assistant [ NcaSvc ] Net.Tcp Port Sharing Service [ NetTcpPortSharing ] File Replication [ NtFrs ] Performance Counter DLL Host [ PerfHost ] Performance Logs & Alerts [ pla ] Printer Extensions and Notifications [ PrintNotify ] Remote Access Auto Connection Manager [ RasAuto ] Remote Access Connection Manager [ RasMan ] Routing and Remote 
Access [ RemoteAccess ] Remote Procedure Call (RPC) Locator [ RpcLocator ] Resultant Set of Policy Provider [ RSoPProv ] Special Administration Console Helper [ sacsvr ] Smart Card [ SCardSvr ] Smart Card Device Enumeration Service [ ScDeviceEnum ] Smart Card Removal Policy [ SCPolicySvc ] Secondary Logon [ seclogon ] Internet Connection Sharing (ICS) [ SharedAccess ] Microsoft Storage Spaces SMP [ smphost ] SNMP Trap [ SNMPTRAP ] Software Protection [ sppsvc ] SSDP Discovery [ SSDPSRV ] Secure Socket Tunneling Protocol Service [ SstpSvc ] Spot Verifier [ svsvc ] Microsoft Software Shadow Copy Provider [ swprv ] Superfetch [ SysMain ] Telephony [ TapiSrv ] Thread Ordering Server [ THREADORDER ] Storage Tiers Management [ TieringEngineService ] TP AutoConnect Service [ TPAutoConnSvc ] TP VC Gateway Service [ TPVCGateway ] Distributed Link Tracking Client [ TrkWks ] Windows Modules Installer [ TrustedInstaller ] Interactive Services Detection [ UI0Detect ] UPnP Device Host [ upnphost ] Credential Manager [ VaultSvc ] Hyper-V Guest Service Interface [ vmicguestinterface ] Hyper-V Heartbeat Service [ vmicheartbeat ] Hyper-V Data Exchange Service [ vmickvpexchange ] Hyper-V Remote Desktop Virtualization Service [ vmicrdv ] Hyper-V Guest Shutdown Service [ vmicshutdown ] Hyper-V Time Synchronization Service [ vmictimesync ] Hyper-V Volume Shadow Copy Requestor [ vmicvss ] VMware Snapshot Provider [ vmvss ] Volume Shadow Copy [ VSS ] Windows Color System [ WcsPlugInService ] Diagnostic Service Host [ WdiServiceHost ] Diagnostic System Host [ WdiSystemHost ] Windows Event Collector [ Wecsvc ] Windows Encryption Provider Host Service [ WEPHOSTSVC ] Problem Reports and Solutions Control Panel Support [ wercplsupport ] Windows Error Reporting Service [ WerSvc ] WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ] WMI Performance Adapter [ wmiApSrv ] Portable Device Enumerator Service [ WPDBusEnum ] Windows Store Service (WSService) [ WSService ] Windows Update [ 
wuauserv ] Windows Driver Foundation - User-mode Driver Framework [ wudfsvc ]

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/445
The following DCERPC services are available remotely :
Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Remote RPC service Named pipe : \pipe\eventlog Netbios name : \\BLDAD01 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 Description : Unknown RPC service Type : Remote RPC service Named pipe : \pipe\LSM_API_service Netbios name : \\BLDAD01

10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
Synopsis
It was possible to obtain information about the remote operating system.
Description
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB1 to be enabled on the host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/10/17, Modification date: 2017/02/21
Ports
tcp/445
The remote Operating System is : Windows Server 2012 R2 Standard 9600
The remote native LAN manager is : Windows Server 2012 R2 Standard 6.3
The remote SMB Domain Name is : BLD01SEC

10859 - Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration
Synopsis
It is possible to obtain the host SID for the remote host.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier). The host SID can then be used to get the list of local users.
See Also
Solution
You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value. Refer to the 'See also' section for guidance.
Risk Factor
None
References
Plugin Information:
Publication date: 2002/02/13, Modification date: 2015/11/18
Ports
tcp/445
The remote host SID value is : 1-5-21-2770019732-1922860174-1796585773
The value of 'RestrictAnonymous' setting is : 0

10860 - SMB Use Host SID to Enumerate Local Users
Synopsis
Nessus was able to enumerate local users.
Description
Using the host security identifier (SID), Nessus was able to enumerate local users on the remote Windows system.
Solution
n/a
Risk Factor
None
References
Plugin Information:
Publication date: 2002/02/13, Modification date: 2017/02/02
Ports
tcp/445
- Administrator (id 500, Administrator account)
- Guest (id 501, Guest account)
- BLDAD01$ (id 1001)
- BLDDE01$ (id 1104)
- de400$ (id 1105)
- hisspd (id 1110)
- netman (id 1111)
- oracle (id 1112)
- nmoper (id 1113)
- nmuser (id 1114)
- nmadmin (id 1115)
- nmsbldad01$ (id 1116)
- nmsbldde01$ (id 1117)
- nmsNMSCADAbldas01$ (id 1118)
- hostbldas01$ (id 1119)
- nmsNMSCADAbldas02$ (id 1120)
- hostbldas02$ (id 1121)
- nmsORADBbldas01$ (id 1122)
- nmsORADBbldas02$ (id 1123)
- linux-ldap-user (id 1124)
- ws500 (id 1125)
- sadmin (id 1126)
- operator1 (id 1127)
- operator2 (id 1128)
- operator3 (id 1129)
- operator4 (id 1130)
- operator5 (id 1131)
- operator6 (id 1132)
- operator7 (id 1133)
- instructor (id 1134)
- is500 (id 1135)
- NmScadaFileUser (id 1136)
- udwexplorer$ (id 1141)
- pcu400$ (id 1142)
Note that, in addition to the Administrator and Guest accounts, Nessus has enumerated only those local users with IDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for this plugin, then re-run the scan.

10902 - Microsoft Windows 'Administrators' Group User List
Synopsis
There is at least one user in the 'Administrators' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/15, Modification date: 2016/08/24
Ports
tcp/445
The following users are members of the 'Administrators' group :
- BLD01SEC\Administrator (User)
- BLD01SEC\Enterprise Admins (Group)
- BLD01SEC\Domain Admins (Group)

11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2002/06/05, Modification date: 2015/06/02
Ports
tcp/445
A CIFS server is running on this port.

12028 - Microsoft Windows SMB : WindowsUpdate Disabled
Synopsis
Remote system is not configured for automatic updates.
Description
The remote host does not have Windows Update enabled. Enabling WindowsUpdate will ensure that the remote Windows host has all the latest Microsoft Patches installed.
See Also
Solution
Enable Windows Update on this host
Risk Factor
None
Plugin Information:
Publication date: 2004/01/22, Modification date: 2015/01/12
Ports
tcp/445
Nessus determined 'Automatic Updates' are disabled based on the following registry setting(s) :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\AUOptions : 1

17651 - Microsoft Windows SMB : Obtains the Password Policy
Synopsis
It is possible to retrieve the remote host's password policy using the supplied credentials.
Description
Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/03/30, Modification date: 2015/01/12
Ports
tcp/445
The following password policy is defined on the remote host:
Minimum password len: 7
Password history len: 24
Maximum password age (d): 42
Password must meet complexity requirements: Enabled
Minimum password age (d): 1
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 0

20811 - Microsoft Windows Installed Software Enumeration (credentialed check)
Synopsis
It is possible to enumerate installed software.
Description
This plugin lists software potentially installed on the remote host by crawling the registry entries in :
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKLM\SOFTWARE\Microsoft\Updates
Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Publication date: 2006/01/26, Modification date: 2013/07/25
Ports
tcp/445
The following software are installed on the remote host :
VMware Tools [version 10.0.10.4301679] [installed on 2016/09/19]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [version 9.0.30729.4148] [installed on 2016/04/07]
VMware Tools [version 9.10.0.2476743] [installed on 2016/10/27]
Microsoft .NET Framework 4.6.1 SDK [version 4.6.01055] [installed on 2016/04/07]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2016/04/07]
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 [version 14.0.23026.0]
Microsoft .NET Framework 4.6.1 Targeting Pack [version 4.6.01055] [installed on 2016/04/07]
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) [version 4.6.01055] [installed on 2016/04/07]
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026 [version 14.0.23026] [installed on 2016/04/07]
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026 [version 14.0.23026] [installed on 2016/04/07]
WinSCP [version 5.7.7] [installed on 2016/06/22]
NMSecurity [version 9.0.123.201606] [installed on 2016/06/22]
PuTTY [version 0.67] [installed on 2016/06/22]
NXLog-CE [version 2.9.1716] [installed on 2017/04/05]
Microsoft .NET Framework 4.6.1 Developer Pack [version 4.6.1055]

23974 - Microsoft Windows SMB Share Hosting Office Files
Synopsis
The remote share contains Office-related files.
Description
This plugin connects to the remotely accessible SMB shares and attempts to find office related files (such as .doc, .ppt, .xls, .pdf etc).
Solution
Make sure that the files containing confidential information have proper access controls set on them.
Risk Factor
None
Plugin Information:
Publication date: 2007/01/04, Modification date: 2011/03/21
Ports
tcp/445
Here is a list of office files which have been found on the remote SMB shares :

34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/445
Port 445/tcp was found to be open

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/445
The Win32 process 'System' is listening on this port (pid 4).

35730 - Microsoft Windows USB Device Usage Report
Synopsis
It was possible to get a list of USB devices that may have been connected to the remote system in the past.
Description
Using the supplied credentials, this plugin enumerates USB devices that have been connected to the remote Windows host in the past.
See Also
Solution
Make sure that the use of USB drives is in accordance with your organization's security policy.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/24, Modification date: 2016/05/11
Ports
tcp/445
The following is a list of USB devices that have been connected to remote system at least once in the past :
Device Name : CBM USB2.0 USB Device
Last Inserted Time : Apr. 5, 2017 at 16:06:26 GMT
First used : unknown
(Note that for a complete listing of 'First used' times you should run this test with the option 'thorough_tests' enabled.)

38689 - Microsoft Windows SMB Last Logged On User Disclosure
Synopsis
Nessus was able to identify the last logged on user on the remote host.
Description
By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/05/05, Modification date: 2017/01/26
Ports
tcp/445
Last Successful logon : Administrator

44401 - Microsoft Windows SMB Service Config Enumeration
Synopsis
It was possible to enumerate configuration parameters of remote services.
Description
Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc).
Solution
Ensure that each service is configured properly.
Risk Factor
None
Plugin Information:
Publication date: 2010/02/05, Modification date: 2016/10/20
Ports
tcp/445
Display name : Windows Event Collector Service name : Wecsvc Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\system32\svchost.exe -k NetworkService Dependencies : HTTP/Eventlog/ WerSvc startup parameters : Display name : Windows Error Reporting Service Service name : WerSvc Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k WerSvcGroup WinHttpAutoProxySvc startup parameters : Display name : WinHTTP Web Proxy Auto-Discovery Service Service name : WinHttpAutoProxySvc Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService Dependencies : Dhcp/ defragsvc startup parameters : Display name : Optimize drives Service name : defragsvc Log on as : localSystem Executable path : C:\Windows\system32\svchost.exe -k defragsvc Dependencies : RPCSS/ dot3svc startup parameters : Display name : Wired AutoConfig Service name : dot3svc Log on as : localSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : RpcSs/Ndisuio/Eaphost/ fdPHost startup parameters : Display name : Function Discovery Provider Host Service name : fdPHost Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService Dependencies : RpcSs/http/ hidserv startup parameters : Display name : Human Interface Device Service Service name : hidserv Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted hkmsvc startup parameters : Display name : Health Key and Certificate Management Service name : hkmsvc Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : RpcSs/ lltdsvc startup parameters : Display name : Link-Layer Topology Discovery Mapper Service name : lltdsvc Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\System32\svchost.exe -k LocalService Dependencies : rpcss/lltdio/ msiserver startup parameters : Display name : 
Windows Installer Service name : msiserver Log on as : LocalSystem Executable path : C:\Windows\system32\msiexec.exe /V Dependencies : rpcss/ napagent startup parameters : Display name : Network Access Protection Agent Service name : napagent Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\System32\svchost.exe -k NetworkService Dependencies : RpcSs/ netprofm startup parameters : Display name : Network List Service Service name : netprofm Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\System32\svchost.exe -k LocalService Dependencies : RpcSs/nlasvc/ pla startup parameters : Display name : Performance Logs & Alerts Service name : pla Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork Dependencies : RPCSS/ sacsvr startup parameters : Display name : Special Administration Console Helper Service name : sacsvr Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs seclogon startup parameters : Display name : Secondary Logon Service name : seclogon Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs smphost startup parameters : Display name : Microsoft Storage Spaces SMP Service name : smphost Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\System32\svchost.exe -k smphost Dependencies : RPCSS/ svsvc startup parameters : Display name : Spot Verifier Service name : svsvc Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted swprv startup parameters : Display name : Microsoft Software Shadow Copy Provider Service name : swprv Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k swprv Dependencies : RPCSS/ vds startup parameters : Display name : Virtual Disk Service name : vds Log on as : LocalSystem Executable path : C:\Windows\System32\vds.exe Dependencies : RpcSs/ vmicguestinterface startup parameters : Display 
name : Hyper-V Guest Service Interface Service name : vmicguestinterface Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted vmicheartbeat startup parameters : Display name : Hyper-V Heartbeat Service Service name : vmicheartbeat Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k ICService vmickvpexchange startup parameters : Display name : Hyper-V Data Exchange Service Service name : vmickvpexchange Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted vmicrdv startup parameters : Display name : Hyper-V Remote Desktop Virtualization Service Service name : vmicrdv Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k ICService vmicshutdown startup parameters : Display name : Hyper-V Guest Shutdown Service Service name : vmicshutdown Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted vmictimesync startup parameters : Display name : Hyper-V Time Synchronization Service Service name : vmictimesync Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted vmicvss startup parameters : Display name : Hyper-V Volume Shadow Copy Requestor Service name : vmicvss Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted vmvss startup parameters : Display name : VMware Snapshot Provider Service name : vmvss Log on as : LocalSystem Executable path : C:\Windows\system32\dllhost.exe /Processid:{FF3ABE4F-3385-4EC8-B5DF-7F13F7FEAAF4} Dependencies : rpcss/ wercplsupport startup parameters : Display name : Problem Reports and Solutions Control Panel Support Service name : wercplsupport Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs wmiApSrv startup parameters : Display name : WMI Performance Adapter Service name : wmiApSrv Log on 
as : localSystem Executable path : C:\Windows\system32\wbem\WmiApSrv.exe wuauserv startup parameters : Display name : Windows Update Service name : wuauserv Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs Dependencies : rpcss/ wudfsvc startup parameters : Display name : Windows Driver Foundation - User-mode Driver Framework Service name : wudfsvc Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : WudfPf/ The following services are disabled : Browser startup parameters : Display name : Computer Browser Service name : Browser Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : LanmanWorkstation/LanmanServer/ NetTcpPortSharing startup parameters : Display name : Net.Tcp Port Sharing Service Service name : NetTcpPortSharing Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe NtFrs startup parameters : Display name : File Replication Service name : NtFrs Log on as : LocalSystem Executable path : C:\Windows\system32\ntfrs.exe Dependencies : RpcSs/EventSystem/ RemoteAccess startup parameters : Display name : Routing and Remote Access Service name : RemoteAccess Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/ SSDPSRV startup parameters : Display name : SSDP Discovery Service name : SSDPSRV Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation Dependencies : HTTP/ SharedAccess startup parameters : Display name : Internet Connection Sharing (ICS) Service name : SharedAccess Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : Netman/WinMgmt/BFE/ upnphost startup parameters : Display name : UPnP Device Host Service name : upnphost Log on as : NT 
AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation Dependencies : SSDPSRV/HTTP/
48942 - Microsoft Windows SMB Registry : OS Version and Processor Architecture
Synopsis
It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system.
Description
Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/08/31, Modification date: 2016/11/16
Ports
tcp/445
Operating system version = 6.3.9600
Architecture = x64
Build lab extended = 9600.18202.amd64fre.winblue_ltsb.160119-0600
51351 - Microsoft .NET Framework Detection
Synopsis
A software framework is installed on the remote host.
Description
Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/12/20, Modification date: 2016/10/14
Ports
tcp/445
The remote host has following version(s) of Microsoft .NET Framework installed :
+ Version : 2.0.50727
  - Full Version : 2.0.50727.4927
  - SP : 2
+ Version : 3.0
  - Full Version : 3.0.30729.4926
  - SP : 2
+ Version : 3.5
  - Full Version : 3.5.30729.4926
  - SP : 1
  - Path : C:\Windows\Microsoft.NET\Framework64\v3.5\
+ Version : 4.6.1
  - Install Type : Full
  - Full Version : 4.6.01055
  - Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
+ Version : 4.6.1
  - Install Type : Client
  - Full Version : 4.6.01055
  - Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
57033 - Microsoft Patch Bulletin Feasibility Check
Synopsis
Nessus is able to check for Microsoft patch bulletins.
Description
Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates. Note that this plugin is purely informational.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/12/06, Modification date: 2016/02/12
Ports
tcp/445
Nessus is able to test for missing patches using : Nessus
58452 - Microsoft Windows Startup Software Enumeration
Synopsis
It is possible to enumerate startup software.
Description
This plugin lists software that is configured to run on system startup by crawling the registry entries in :
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Solution
Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Publication date: 2012/03/23, Modification date: 2015/01/12
Ports
tcp/445
The following startup item was found :
QLogicSaveSystemInfo - rundll32.exe qlco10011.dll,QLSaveSystemInfo
VMware User Process - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
60119 - Microsoft Windows SMB Share Permissions Enumeration
Synopsis
It was possible to enumerate the permissions of remote network shares.
Description
By using the supplied credentials, Nessus was able to enumerate the permissions of network shares. User permissions are enumerated for each network share that has a list of access control entries (ACEs).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2012/07/25, Modification date: 2017/02/27
Ports
tcp/445
Share path : \\BLDAD01\NETLOGON
Local path : C:\Windows\SYSVOL\sysvol\bld01sec.se\SCRIPTS
Comment : Logon server share
[*] Allow ACE for Everyone: 0x000012a9 : YES : NO : YES
[*] Allow ACE for BUILTIN\Administrators: 0x001f01ff FILE_ALL_ACCESS: YES FILE_ALL_ACCESS: YES FILE_ALL_ACCESS: YES
Share path : \\BLDAD01\nmdfs
Local path : C:\DFSRoots\nmdfs
[*] Allow ACE for Everyone: 0x000012a9 : YES : NO : YES
Share path : \\BLDAD01\SYSVOL
Local path : C:\Windows\SYSVOL\sysvol
Comment : Logon server share
[*] Allow ACE for Everyone: 0x000012a9 : YES : NO : YES
[*] Allow ACE for BUILTIN\Administrators: 0x001f01ff FILE_ALL_ACCESS: YES FILE_ALL_ACCESS: YES FILE_ALL_ACCESS: YES
[*] Allow ACE for NT AUTHORITY\Authenticated Users: 0x001f01ff FILE_ALL_ACCESS: YES FILE_ALL_ACCESS: YES FILE_ALL_ACCESS: YES
63080 - Microsoft Windows Mounted Devices
Synopsis
It is possible to get a list of mounted devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past.
Solution
Make sure that the mounted drives agree with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Publication date: 2012/11/28, Modification date: 2012/11/28
Ports
tcp/445
Name : \??\volume{abefd492-fd23-11e5-80bf-806e6f6e6963}
Data : v)
Raw data : 7629909c0000100000000000
Name : \??\volume{abefd498-fd23-11e5-80bf-806e6f6e6963}
Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&2a770f87&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Name : \??\volume{abefd493-fd23-11e5-80bf-806e6f6e6963}
Data : v)P
Raw data : 7629909c0000501000000000
Name : \??\volume{4c3c007a-9c41-11e6-80e9-806e6f6e6963}
Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&26d35ff7&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Name : \??\volume{abefd497-fd23-11e5-80bf-806e6f6e6963}
Data : \??\IDE#CdRomNECVMWar_VMware_IDE_CDR00_______________1.00____#5&4e95d23&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Name : \dosdevices\e:
Data : _??_USBSTOR#Disk&Ven_CBM&Prod_USB2.0&Rev_5.00#211618009C259212&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Name : \dosdevices\a:
Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&2a770f87&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Name : \??\volume{3abe30b7-0fce-11e7-80ef-000c29c96cc7}
Data : _??_USBSTOR#Disk&Ven_CBM&Prod_USB2.0&Rev_5.00#211618009C259212&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Name : \dosdevices\c:
Data : v)P
Raw data : 7629909c0000501000000000
Name : \dosdevices\d:
Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&26d35ff7&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
63620 - Windows Product Key Retrieval
Synopsis
This plugin retrieves the Windows Product key of the remote Windows host.
Description
Using the supplied credentials, Nessus was able to retrieve the Windows host's partial product key.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/01/18, Modification date: 2013/01/18
Ports
tcp/445
Product key : XXXXX-XXXXX-XXXXX-XXXXX-MDVJX
Note that all but the final portion of the key has been obfuscated.
66424 - Microsoft Malicious Software Removal Tool Installed
Synopsis
An antimalware application is installed on the remote Windows host.
Description
The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that attempts to detect and remove known malware from Windows systems.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/05/15, Modification date: 2017/03/15
Ports
tcp/445
File : C:\Windows\system32\MRT.exe
Version : 5.34.12400.0
Release at last run : March 2016
Report infection information to Microsoft : Yes
72367 - Microsoft Internet Explorer Version Detection
Synopsis
Internet Explorer is installed on the remote host.
Description
The remote Windows host contains Internet Explorer, a web browser created by Microsoft.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2014/02/06, Modification date: 2014/02/13
Ports
tcp/445
Version : 11.0.9600.18231
72879 - Microsoft Internet Explorer Enhanced Security Configuration Detection
Synopsis
The remote host supports IE Enhanced Security Configuration.
Description
Nessus detects if the remote Windows host supports IE Enhanced Security Configuration (ESC) and if IE ESC features are enabled or disabled.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2014/03/07, Modification date: 2017/04/03
Ports
tcp/445
Type : Admin Groups
Is Enabled : False
Type : User Groups
Is Enabled : True
97086 - Server Message Block (SMB) Protocol Version 1 Enabled
Synopsis
The remote Windows host supports the SMBv1 protocol.
Description
The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users disable SMBv1 per SMB best practices to mitigate these potential issues.
Solution
Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
None
Plugin Information:
Publication date: 2017/02/09, Modification date: 2017/03/09
Ports
tcp/445
SMBv1 server is enabled :
- HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : NULL or missing
SMB1protocol feature is enabled based on the following key :
- HKLM\SYSTEM\CurrentControlSet\Services\srv
464/tcp
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/464
The Win32 process 'lsass.exe' is listening on this port (pid 480).
This process 'lsass.exe' (pid 480) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KdsSvc (@KdsSvc.dll,-100)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
464/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/464
Port 464/udp was found to be open
500/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/500
Port 500/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/500
The Win32 process 'svchost.exe' is listening on this port (pid 796).
This process 'svchost.exe' (pid 796) is hosting the following Windows services :
AppMgmt (@appmgmts.dll,-3250)
CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
gpsvc (@gpapi.dll,-112)
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
SENS (@%SystemRoot%\system32\Sens.dll,-200)
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
Themes (@%SystemRoot%\System32\themeservice.dll,-8192)
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
593/tcp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/593
Port 593/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/593
The Win32 process 'svchost.exe' is listening on this port (pid 664).
This process 'svchost.exe' (pid 664) is hosting the following Windows services :
RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001)
RpcSs (@combase.dll,-5010)
636/tcp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/636
Port 636/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/636
The Win32 process 'lsass.exe' is listening on this port (pid 480).
This process 'lsass.exe' (pid 480) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KdsSvc (@KdsSvc.dll,-100)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
2535/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/2535
Port 2535/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/2535
The Win32 process 'svchost.exe' is listening on this port (pid 1384).
This process 'svchost.exe' (pid 1384) is hosting the following Windows services :
DHCPServer (@%SystemRoot%\system32\dhcpssvc.dll,-200)
3268/tcp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/3268
Port 3268/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/3268
The Win32 process 'lsass.exe' is listening on this port (pid 480).
This process 'lsass.exe' (pid 480) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KdsSvc (@KdsSvc.dll,-100)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
3269/tcp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/3269
Port 3269/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/3269
The Win32 process 'lsass.exe' is listening on this port (pid 480). This process 'lsass.exe' (pid 480) is hosting the following Windows services : Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1) KdsSvc (@KdsSvc.dll,-100) KeyIso (@keyiso.dll,-100) Netlogon (@%SystemRoot%\System32\netlogon.dll,-102) NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1) SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
3389/tcp
18405 - Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness
Synopsis
It may be possible to get access to the remote host.
Description
The remote version of the Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man-in-the-middle (MiTM) attack. The RDP client makes no effort to validate the identity of the server when setting up encryption. An attacker with the ability to intercept traffic from the RDP server can establish encryption with the client and server without being detected. A MiTM attack of this nature would allow the attacker to obtain any sensitive information transmitted, including authentication credentials. This flaw exists because the RDP server stores a hard-coded RSA private key in the mstlsapi.dll library. Any local user with access to this file (on any Windows system) can retrieve the key and use it for this attack.
See Also
Solution
- Force the use of SSL as a transport layer for this service if supported, or/and
- Select the 'Allow connections only from computers running Remote Desktop with Network Level Authentication' setting if it is available.
Risk Factor
Medium
CVSS Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
4.6 (CVSS2#E:F/RL:W/RC:ND)
References
Plugin Information:
Publication date: 2005/06/01, Modification date: 2016/11/23
Ports
tcp/3389
10940 - Windows Terminal Services Enabled
Synopsis
The remote Windows host has Terminal Services enabled.
Description
Terminal Services allows a Windows user to remotely obtain a graphical login (and therefore act as a local user on the remote host). If an attacker gains a valid login and password, this service could be used to gain further access on the remote host. An attacker may also use this service to mount a dictionary attack against the remote host to try to log in remotely. Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for attackers to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable Terminal Services if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Plugin Information:
Publication date: 2002/04/20, Modification date: 2014/06/06
Ports
tcp/3389
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/3389
The Win32 process 'svchost.exe' is listening on this port (pid 2100). This process 'svchost.exe' (pid 2100) is hosting the following Windows services : TermService (@%SystemRoot%\System32\termsrv.dll,-268)
3389/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/3389
Port 3389/udp was found to be open
4500/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/4500
Port 4500/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/4500
The Win32 process 'svchost.exe' is listening on this port (pid 796). This process 'svchost.exe' (pid 796) is hosting the following Windows services : AppMgmt (@appmgmts.dll,-3250) CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11) gpsvc (@gpapi.dll,-112) IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) ProfSvc (@%systemroot%\system32\profsvc.dll,-300) Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) SENS (@%SystemRoot%\system32\Sens.dll,-200) SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026) ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) Themes (@%SystemRoot%\System32\themeservice.dll,-8192) Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
5355/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/5355
Port 5355/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/5355
The Win32 process 'svchost.exe' is listening on this port (pid 928). This process 'svchost.exe' (pid 928) is hosting the following Windows services : CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001) Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100) NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1) WinRM (@%Systemroot%\system32\wsmsvc.dll,-101)
5985/tcp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/5985
Port 5985/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/5985
The Win32 process 'System' is listening on this port (pid 4).
9389/tcp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/9389
Port 9389/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/9389
The Win32 process 'Microsoft.ActiveDirectory.WebServices.exe' is listening on this port (pid 1240).
47001/tcp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/47001
Port 47001/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/47001
The Win32 process 'System' is listening on this port (pid 4).
49152/tcp
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49152
The following DCERPC services are available on TCP port 49152 : Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 49152 IP : 192.168.109.21
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49152
Port 49152/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49152
The Win32 process 'wininit.exe' is listening on this port (pid 384).
49153/tcp
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49153
The following DCERPC services are available on TCP port 49153 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 Description : Unknown RPC service Annotation : Event log TCPIP Type : Remote RPC service TCP Port : 49153 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 Description : Unknown RPC service Annotation : NRP server endpoint Type : Remote RPC service TCP Port : 49153 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0 Description : Unknown RPC service Annotation : Wcm Service Type : Remote RPC service TCP Port : 49153 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 Description : Unknown RPC service Annotation : DHCPv6 Client LRPC Endpoint Type : Remote RPC service TCP Port : 49153 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Remote RPC service TCP Port : 49153 IP : 192.168.109.21
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49153
Port 49153/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49153
The Win32 process 'svchost.exe' is listening on this port (pid 768). This process 'svchost.exe' (pid 768) is hosting the following Windows services : Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100) EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200) lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101) Wcmsvc (@%SystemRoot%\System32\wcmsvc.dll,-4097)
49154/tcp
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49154
The following DCERPC services are available on TCP port 49154 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 49154 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 49154 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 Description : Unknown RPC service Annotation : XactSrv service Type : Remote RPC service TCP Port : 49154 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 1a0d010f-1c33-432c-b0f5-8cf4e8053099, version 1.0 Description : Unknown RPC service Annotation : IdSegSrv service Type : Remote RPC service TCP Port : 49154 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0 Description : Unknown RPC service Annotation : IKE/Authip API Type : Remote RPC service TCP Port : 49154 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 Description : Unknown RPC service Annotation : IP Transition Configuration endpoint Type : Remote RPC service TCP Port : 49154 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 Description : Unknown RPC service Annotation : Proxy Manager provider server endpoint Type : Remote RPC service TCP Port : 49154 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 Description : Unknown RPC service Annotation : Proxy Manager client server endpoint Type : Remote RPC service TCP Port : 49154 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID 
: c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 Description : Unknown RPC service Annotation : Adh APIs Type : Remote RPC service TCP Port : 49154 IP : 192.168.109.21 Object UUID : 73736573-6f69-656e-6e76-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Remote RPC service TCP Port : 49154 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 49154 IP : 192.168.109.21
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49154
Port 49154/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49154
The Win32 process 'svchost.exe' is listening on this port (pid 796). This process 'svchost.exe' (pid 796) is hosting the following Windows services : AppMgmt (@appmgmts.dll,-3250) CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11) gpsvc (@gpapi.dll,-112) IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) ProfSvc (@%systemroot%\system32\profsvc.dll,-300) Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) SENS (@%SystemRoot%\system32\Sens.dll,-200) SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026) ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) Themes (@%SystemRoot%\System32\themeservice.dll,-8192) Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
49155/tcp
90510 - MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept communications between a client and a server hosting a SAM database can exploit this to force the authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the SAM database.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
| BID | 86002 |
| CVE | CVE-2016-0128 |
| XREF | OSVDB:136339 |
| XREF | MSFT:MS16-047 |
| XREF | CERT:813296 |
| XREF | IAVA:2016-A-0093 |
Plugin Information:
Publication date: 2016/04/13, Modification date: 2016/07/19
Ports
tcp/49155
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49155
The following DCERPC services are available on TCP port 49155 : Object UUID : 7364746e-0000-0000-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Remote RPC service TCP Port : 49155 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0 Description : Active Directory Replication Interface Windows process : unknown Annotation : MS NT Directory DRS Interface Type : Remote RPC service TCP Port : 49155 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0 Description : Local Security Authority Windows process : lsass.exe Type : Remote RPC service TCP Port : 49155 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Remote RPC service TCP Port : 49155 IP : 192.168.109.21 Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Remote RPC service TCP Port : 49155 IP : 192.168.109.21 Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Remote RPC service TCP Port : 49155 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0 Description : Network Logon Service Windows process : lsass.exe Type : Remote RPC service TCP Port : 49155 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 Description : Unknown RPC service Annotation : KeyIso Type : Remote RPC service TCP Port : 49155 IP : 
192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b9785960-524f-11df-8b6d-83dcded72085, version 1.0 Description : Unknown RPC service Annotation : SIDKEY Type : Remote RPC service TCP Port : 49155 IP : 192.168.109.21
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49155
Port 49155/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49155
The Win32 process 'lsass.exe' is listening on this port (pid 480). This process 'lsass.exe' (pid 480) is hosting the following Windows services : Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1) KdsSvc (@KdsSvc.dll,-100) KeyIso (@keyiso.dll,-100) Netlogon (@%SystemRoot%\System32\netlogon.dll,-102) NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1) SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
49157/tcp
10761 - COM+ Internet Services (CIS) Server Detection
Synopsis
A COM+ Internet Services (CIS) server is listening on this port.
Description
COM+ Internet Services are RPC over HTTP tunneling and require IIS to operate. CIS ports shouldn't be visible on internet but only behind a firewall.
See Also
Solution
If you do not use this service, disable it with DCOMCNFG. Otherwise, limit access to this port.
Risk Factor
None
Plugin Information:
Publication date: 2001/09/14, Modification date: 2011/03/21
Ports
tcp/49157
Server banner : ncacn_http/1.0
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49157
Port 49157/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49157
The Win32 process 'lsass.exe' is listening on this port (pid 480). This process 'lsass.exe' (pid 480) is hosting the following Windows services : Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1) KdsSvc (@KdsSvc.dll,-100) KeyIso (@keyiso.dll,-100) Netlogon (@%SystemRoot%\System32\netlogon.dll,-102) NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1) SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
49158/tcp
90510 - MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept communications between a client and a server hosting a SAM database can exploit this to force the authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the SAM database.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
| BID | 86002 |
| CVE | CVE-2016-0128 |
| XREF | OSVDB:136339 |
| XREF | MSFT:MS16-047 |
| XREF | CERT:813296 |
| XREF | IAVA:2016-A-0093 |
Plugin Information:
Publication date: 2016/04/13, Modification date: 2016/07/19
Ports
tcp/49158
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49158
The following DCERPC services are available on TCP port 49158 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Remote RPC service TCP Port : 49158 IP : 192.168.109.21 Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Remote RPC service TCP Port : 49158 IP : 192.168.109.21 Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Remote RPC service TCP Port : 49158 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0 Description : Network Logon Service Windows process : lsass.exe Type : Remote RPC service TCP Port : 49158 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 Description : Unknown RPC service Annotation : KeyIso Type : Remote RPC service TCP Port : 49158 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b9785960-524f-11df-8b6d-83dcded72085, version 1.0 Description : Unknown RPC service Annotation : SIDKEY Type : Remote RPC service TCP Port : 49158 IP : 192.168.109.21
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49158
Port 49158/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49158
The Win32 process 'lsass.exe' is listening on this port (pid 480). This process 'lsass.exe' (pid 480) is hosting the following Windows services : Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1) KdsSvc (@KdsSvc.dll,-100) KeyIso (@keyiso.dll,-100) Netlogon (@%SystemRoot%\System32\netlogon.dll,-102) NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1) SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
49159/tcp
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49159
The following DCERPC services are available on TCP port 49159 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 Description : IPsec Services (Windows XP & 2003) Windows process : lsass.exe Type : Remote RPC service TCP Port : 49159 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 49159 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 49159 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 49159 IP : 192.168.109.21 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 49159 IP : 192.168.109.21
| 34220 - Netstat Portscanner (WMI) |
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49159
Port 49159/tcp was found to be open
| 34252 - Microsoft Windows Remote Listeners Enumeration (WMI) |
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49159
The Win32 process 'spoolsv.exe' is listening on this port (pid 1208). This process 'spoolsv.exe' (pid 1208) is hosting the following Windows services : Spooler (@%systemroot%\system32\spoolsv.exe,-1)
49163/tcp
| 10736 - DCE Services Enumeration |
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49163
The following DCERPC services are available on TCP port 49163 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6bffd098-a112-3610-9833-46c3f874532d, version 1.0
Description : DHCP Server Service
Windows process : unknown
Type : Remote RPC service
TCP Port : 49163
IP : 192.168.109.21

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5b821720-f63b-11d0-aad2-00c04fc324db, version 1.0
Description : DHCP Server Service
Windows process : unknown
Type : Remote RPC service
TCP Port : 49163
IP : 192.168.109.21
| 34220 - Netstat Portscanner (WMI) |
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49163
Port 49163/tcp was found to be open
| 34252 - Microsoft Windows Remote Listeners Enumeration (WMI) |
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49163
The Win32 process 'svchost.exe' is listening on this port (pid 1384). This process 'svchost.exe' (pid 1384) is hosting the following Windows services : DHCPServer (@%SystemRoot%\system32\dhcpssvc.dll,-200)
49164/tcp
| 10736 - DCE Services Enumeration |
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49164
The following DCERPC services are available on TCP port 49164 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
Windows process : svchost.exe
Type : Remote RPC service
TCP Port : 49164
IP : 192.168.109.21
| 34220 - Netstat Portscanner (WMI) |
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49164
Port 49164/tcp was found to be open
| 34252 - Microsoft Windows Remote Listeners Enumeration (WMI) |
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49164
The Win32 process 'services.exe' is listening on this port (pid 472).
49171/tcp
| 10736 - DCE Services Enumeration |
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49171
The following DCERPC services are available on TCP port 49171 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 50abc2a4-574d-40b3-9d66-ee4fd5fba076, version 5.0
Description : DNS Server
Windows process : dns.exe
Type : Remote RPC service
TCP Port : 49171
IP : 192.168.109.21
49173/tcp
| 10736 - DCE Services Enumeration |
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49173
The following DCERPC services are available on TCP port 49173 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 91ae6020-9e3c-11cf-8d7c-00aa00c091be, version 0.0
Description : Certificate Service
Windows process : unknown
Type : Remote RPC service
TCP Port : 49173
IP : 192.168.109.21
| 34220 - Netstat Portscanner (WMI) |
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49173
Port 49173/tcp was found to be open
| 34252 - Microsoft Windows Remote Listeners Enumeration (WMI) |
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49173
The Win32 process 'certsrv.exe' is listening on this port (pid 1284). This process 'certsrv.exe' (pid 1284) is hosting the following Windows services : CertSvc (@%systemroot%\system32\certocm.dll,-347)
49186/tcp
| 10736 - DCE Services Enumeration |
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49186
The following DCERPC services are available on TCP port 49186 :

Object UUID : 5bc1ed07-f5f5-485f-9dfd-6fd0acf9a23c
UUID : 897e2e5f-93f3-4376-9c9c-fd2277495c27, version 1.0
Description : Unknown RPC service
Annotation : Frs2 Service
Type : Remote RPC service
TCP Port : 49186
IP : 192.168.109.21
| 34220 - Netstat Portscanner (WMI) |
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49186
Port 49186/tcp was found to be open
| 34252 - Microsoft Windows Remote Listeners Enumeration (WMI) |
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49186
The Win32 process 'dfsrs.exe' is listening on this port (pid 1320). This process 'dfsrs.exe' (pid 1320) is hosting the following Windows services : DFSR (@dfsrress.dll,-101)
192.168.109.22
Scan Information
| Start time: | Wed Apr 12 01:00:52 2017 |
| End time: | Wed Apr 12 01:03:45 2017 |
Host Information
| OS: | Linux Kernel 3.10.0-327.10.1.el7.x86_64 on Red Hat Enterprise Linux Server release 7.1 (Maipo) |
Results Summary
| Critical | High | Medium | Low | Info | Total |
| 13 | 39 | 34 | 2 | 16 | 104 |
Results Details
0/tcp
| 14657 - Red Hat Update Level |
Synopsis
The remote Red Hat server is out-of-date.
Description
The remote Red Hat server is missing the latest bugfix update package. As a result, it is likely to contain multiple security vulnerabilities.
See Also
Solution
Apply the latest update.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Publication date: 2004/09/03, Modification date: 2016/01/04
Ports
tcp/0
Installed version : 7.1
Latest version : 7.2
| 86576 - Oracle Database Multiple Vulnerabilities (October 2015 CPU) |
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the October 2015 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the following components : - Core RDBMS (CVE-2015-4857) - Database Scheduler (CVE-2015-4873) - Java VM (CVE-2015-4794, CVE-2015-4796, CVE-2015-4888) - Portable Clusterware (CVE-2015-4863) - XDB-XML Database (CVE-2015-4900)
See Also
Solution
Apply the appropriate patch according to the October 2015 Oracle Critical Patch Update advisory.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2015/10/23, Modification date: 2016/04/28
Ports
tcp/0
The following vulnerable instance of Oracle Database is installed on the remote host :
Ohome : /clu_fs/his/oracle/product/12.1
Missing OJVM Patches : 21555660
| 89774 - RHEL 5 / 6 / 7 : firefox (RHSA-2016:0373) |
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1973, CVE-2016-1974, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966) Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas Golubovic, Jose Martinez, Romina Santillan, Abdulrahman Alqabandi, ca0nguyen, lokihardt, Dominique Hazael-Massieux, Nicolas Gregoire, Tsubasa Iinuma, the Communications Electronics Security Group (UK) of the GCHQ, Holger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters of these issues. 
All Firefox users should upgrade to these updated packages, which contain Firefox version 38.7.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
See Also
Solution
Update the affected firefox and / or firefox-debuginfo packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/03/09, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : firefox-38.6.1-1.el7_2
Should be : firefox-38.7.0-1.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
| 90615 - RHEL 7 : java-1.8.0-openjdk (RHSA-2016:0650) |
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687) * It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427) * It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425) * It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag. (CVE-2016-3426) * It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. 
(CVE-2016-0695) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/04/21, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : java-1.8.0-openjdk-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-1.8.0.91-0.b14.el7_2
Remote package installed : java-1.8.0-openjdk-headless-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
| 90669 - RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0676) |
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687) * It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427) * It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425) * It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/04/22, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2
Remote package installed : java-1.7.0-openjdk-headless-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
| 91033 - RHEL 7 : openssl (RHSA-2016:0722) |
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. 
(CVE-2016-0799, CVE-2016-2842) * A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/05/11, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : openssl-1.0.1e-51.el7_2.4
Should be : openssl-1.0.1e-51.el7_2.5
Remote package installed : openssl-libs-1.0.1e-51.el7_2.4
Should be : openssl-libs-1.0.1e-51.el7_2.5
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
| 91036 - RHEL 6 / 7 : ImageMagick (RHSA-2016:0726) (ImageTragick) |
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix(es) : * It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-3714) * It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete, move, or disclose the contents of arbitrary files. (CVE-2016-3715, CVE-2016-3716, CVE-2016-3717) * A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images. (CVE-2016-3718) Note: This update contains an updated /etc/ImageMagick/policy.xml file that disables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT, and LABEL coders. 
If you experience any problems after the update, it may be necessary to manually adjust the policy.xml file to match your requirements. Please take additional precautions to ensure that your applications using the ImageMagick library do not process malicious or untrusted files before doing so.
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/05/11, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : ImageMagick-6.7.8.9-10.el7
Should be : ImageMagick-6.7.8.9-13.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
| 91642 - RHEL 6 / 7 : ImageMagick (RHSA-2016:1237) |
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix(es) : * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5118) * It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5239) * Multiple flaws have been discovered in ImageMagick. A remote attacker could, for example, create specially crafted images that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would result in a memory corruption and, potentially, execution of arbitrary code, a denial of service, or an application crash. (CVE-2015-8896, CVE-2015-8895, CVE-2016-5240, CVE-2015-8897, CVE-2015-8898)
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/06/17, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : ImageMagick-6.7.8.9-10.el7
Should be : ImageMagick-6.7.8.9-15.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
| 91802 - RHEL 6 / 7 : libxml2 (RHSA-2016:1292) |
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for libxml2 is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es) : A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2016-1834, CVE-2016-1840) Multiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.6 (CVSS:3.0/E:U/RL:X/RC:R)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:U/RL:ND/RC:UR)
References
Plugin Information:
Publication date: 2016/06/24, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libxml2-2.9.1-6.el7_2.2
Should be : libxml2-2.9.1-6.el7_2.3
Remote package installed : libxml2-python-2.9.1-6.el7_2.2
Should be : libxml2-python-2.9.1-6.el7_2.3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
| 94537 - RHEL 7 : kernel (RHSA-2016:2574) |
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important) * Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578) Red Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. 
Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-514.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-514.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-514.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-514.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-514.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94549 - RHEL 7 : python (RHSA-2016:2586)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es) :
* A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636)
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : python-2.7.5-34.el7
Should be : python-2.7.5-48.el7
Remote package installed : python-libs-2.7.5-34.el7
Should be : python-libs-2.7.5-48.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94558 - RHEL 7 : mariadb (RHSA-2016:2595)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb (5.5.52). (BZ#1304516, BZ#1377974)
Security Fix(es) :
* It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)
* A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663)
* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283)
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:F/RL:U/RC:X)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
9.5 (CVSS2#E:F/RL:U/RC:ND)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : mariadb-libs-5.5.44-1.el7_1
Should be : mariadb-libs-5.5.52-1.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
96593 - RHEL 7 : kernel (RHSA-2017:0086)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2857831.
Security Fix(es) :
* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important)
* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)
* A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. (CVE-2016-9555, Moderate)
Bug Fix(es) :
* Previously, the performance of Internet Protocol over InfiniBand (IPoIB) was suboptimal due to a conflict of IPoIB with the Generic Receive Offload (GRO) infrastructure. With this update, the data cached by the IPoIB driver has been moved from a control block into the IPoIB hard header, thus avoiding the GRO problem and the corruption of IPoIB address information. As a result, the performance of IPoIB has been improved. (BZ#1390668)
* Previously, when a virtual machine (VM) with PCI-Passthrough interfaces was recreated, a race condition between the eventfd daemon and the virqfd daemon occurred. Consequently, the operating system rebooted. This update fixes the race condition. As a result, the operating system no longer reboots in the described situation. (BZ#1391611)
* Previously, a packet loss occurred when the team driver in round-robin mode was sending a large number of packets. This update fixes counting of the packets in the round-robin runner of the team driver, and the packet loss no longer occurs in the described situation. (BZ#1392023)
* Previously, the virtual network devices contained in the deleted namespace could be deleted in any order. If the loopback device was not deleted as the last item, other netns devices, such as vxlan devices, could end up with dangling references to the loopback device. Consequently, deleting a network namespace (netns) occasionally ended by a kernel oops. With this update, the underlying source code has been fixed to ensure the correct order when deleting the virtual network devices on netns deletion. As a result, the kernel oops no longer occurs under the described circumstances. (BZ#1392024)
* Previously, a Kabylake system with a Sunrise Point Platform Controller Hub (PCH) with a PCI device ID of 0xA149 showed the following warning messages during the boot : 'Unknown Intel PCH (0xa149) detected.' 'Warning: Intel Kabylake processor with unknown PCH - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware.' The messages were shown because this PCH was not properly recognized. With this update, the problem has been fixed, and the operating system now boots without displaying the warning messages. (BZ#1392033)
* Previously, the operating system occasionally became unresponsive after a long run. This was caused by a race condition between the try_to_wake_up() function and a woken up task in the core scheduler. With this update, the race condition has been fixed, and the operating system no longer locks up in the described scenario. (BZ#1393719)
See Also
Solution
Update the affected packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2017/01/18, Modification date: 2017/01/23
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-514.6.1.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-514.6.1.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-514.6.1.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-514.6.1.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-514.6.1.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
78540 - Oracle Database Multiple Vulnerabilities (October 2014 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the October 2014 Critical Patch Update (CPU). It is, therefore, affected by security issues in the following components :
- Application Express
- Core RDBMS
- Java VM
- JDBC
- JPublisher
- SQLJ
See Also
Solution
Apply the appropriate patch according to the October 2014 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (CVSS2#E:ND/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2014/10/17, Modification date: 2015/11/18
Ports
tcp/0
The following vulnerable instance of Oracle Database is installed on the remote host :
Ohome : /clu_fs/his/oracle/product/12.1
Missing OJVM Patches : 19282028
80906 - Oracle Database Multiple Vulnerabilities (January 2015 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the January 2015 Critical Patch Update (CPU). It is, therefore, affected by security issues in the following components :
- Core RDBMS
- DBMS_UTILITY
- PL/SQL
- Recovery
- Workspace Manager
- XML Developer's Kit for C
See Also
Solution
Apply the appropriate patch according to the January 2015 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (CVSS2#E:ND/RL:OF/RC:C)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2015/01/22, Modification date: 2015/07/14
Ports
tcp/0
The following vulnerable instance of Oracle Database is installed on the remote host :
Ohome : /clu_fs/his/oracle/product/12.1
Missing OJVM Patches : 19877336
82903 - Oracle Database Multiple Vulnerabilities (April 2015 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the April 2015 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the following components :
- Core RDBMS (CVE-2015-0483)
- Java VM (CVE-2015-0457)
- XDB-XML Database (CVE-2015-0455)
- XDK and XDB-XML Database (CVE-2015-0479)
See Also
Solution
Apply the appropriate patch according to the April 2015 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (CVSS2#E:ND/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2015/04/20, Modification date: 2015/07/19
Ports
tcp/0
The following vulnerable instance of Oracle Database is installed on the remote host :
Ohome : /clu_fs/his/oracle/product/12.1
Missing OJVM Patches : 20415564
84822 - Oracle Database Multiple Vulnerabilities (July 2015 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the July 2015 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the following components :
- Application Express (CVE-2015-2655, CVE-2015-2585, CVE-2015-2586)
- Core RDBMS (CVE-2015-0468)
- Java VM (CVE-2015-2629)
- Oracle OLAP (CVE-2015-2595)
- RDBMS Partitioning (CVE-2015-4740)
- RDBMS Scheduler (CVE-2015-2599)
- RDBMS Security (CVE-2015-4755)
- RDBMS Support Tools (CVE-2015-4753)
See Also
Solution
Apply the appropriate patch according to the July 2015 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (CVSS2#E:ND/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2015/07/17, Modification date: 2015/12/10
Ports
tcp/0
The following vulnerable instance of Oracle Database is installed on the remote host :
Ohome : /clu_fs/his/oracle/product/12.1
Missing OJVM Patches : 21068507
88146 - Oracle Database Multiple Vulnerabilities (January 2016 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle Database Server is missing the January 2016 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the following components :
- Database Vault (CVE-2015-4921)
- Java VM (CVE-2016-0499)
- Security (CVE-2016-0467)
- Workspace Manager (CVE-2015-4925)
- XDB - XML Database (CVE-2016-0461, CVE-2016-0472)
- XML Developer's Kit for C (CVE-2015-4923)
See Also
Solution
Apply the appropriate patch according to the January 2016 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/01/25, Modification date: 2016/04/28
Ports
tcp/0
The following vulnerable instance of Oracle Database is installed on the remote host :
Ohome : /clu_fs/his/oracle/product/12.1
Missing OJVM Patches : 22139226
90180 - RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0512)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs.
Security Fix(es) :
* An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.4 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/03/25, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2
Remote package installed : java-1.7.0-openjdk-headless-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-headless-1.7.0.99-2.6.5.0.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90181 - RHEL 7 : java-1.8.0-openjdk (RHSA-2016:0513)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8.
Security Fix(es) :
* An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.4 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/03/25, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : java-1.8.0-openjdk-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2
Remote package installed : java-1.8.0-openjdk-headless-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90300 - RHEL 7 : mariadb (RHSA-2016:0534)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: MariaDB (5.5.47). Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.
Security Fix(es) :
* It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. (CVE-2016-2047)
* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616)
Bug Fix(es) :
* When more than one INSERT operation was executed concurrently on a non-empty InnoDB table with an AUTO_INCREMENT column defined as a primary key immediately after starting MariaDB, a race condition could occur. As a consequence, one of the concurrent INSERT operations failed with a 'Duplicate key' error message. A patch has been applied to prevent the race condition. Now, each row inserted as a result of the concurrent INSERT operations receives a unique primary key, and the operations no longer fail in this scenario. (BZ#1303946)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
5.2 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/04/01, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : mariadb-libs-5.5.44-1.el7_1
Should be : mariadb-libs-5.5.47-1.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90387 - RHEL 7 : graphite2 (RHSA-2016:0594)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for graphite2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create 'smart fonts' capable of displaying writing systems with various complex behaviors. With respect to the Text Encoding Model, Graphite handles the 'Rendering' aspect of writing system implementation. The following packages have been upgraded to a newer upstream version: graphite2 (1.3.6).
Security Fix(es) :
* Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application. (CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526)
See Also
Solution
Update the affected graphite2, graphite2-debuginfo and / or graphite2-devel packages.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.4 (CVSS:3.0/E:U/RL:U/RC:U)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.1 (CVSS2#E:U/RL:U/RC:UC)
References
Plugin Information:
Publication date: 2016/04/07, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : graphite2-1.2.2-5.el7
Should be : graphite2-1.3.6-1.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90749 - RHEL 7 : nss, nspr, nss-softokn, and nss-util (RHSA-2016:0685)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). (BZ#1310581, BZ#1303021, BZ# 1299872)
Security Fix(es) :
* A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978)
* A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
Bug Fix(es) :
* The nss-softokn package has been updated to be compatible with NSS 3.21. (BZ#1326221)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/04/27, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : nspr-4.10.8-2.el7_1
Should be : nspr-4.11.0-1.el7_2
Remote package installed : nss-3.19.1-19.el7_2
Should be : nss-3.21.0-9.el7_2
Remote package installed : nss-softokn-3.16.2.3-13.el7_1
Should be : nss-softokn-3.16.2.3-14.2.el7_2
Remote package installed : nss-softokn-freebl-3.16.2.3-13.el7_1
Should be : nss-softokn-freebl-3.16.2.3-14.2.el7_2
Remote package installed : nss-sysinit-3.19.1-19.el7_2
Should be : nss-sysinit-3.21.0-9.el7_2
Remote package installed : nss-tools-3.19.1-19.el7_2
Should be : nss-tools-3.21.0-9.el7_2
Remote package installed : nss-util-3.19.1-4.el7_1
Should be : nss-util-3.21.0-2.2.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90762 - Oracle Database Multiple Vulnerabilities (April 2016 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle Database Server is missing the April 2016 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the following components :
- An unspecified flaw exists in the RDBMS Security component that allows a local attacker to cause a denial of service condition. (CVE-2016-0677)
- An unspecified flaw exists in the Oracle OLAP component that allows a local attacker to gain elevated privileges. (CVE-2016-0681)
- Multiple unspecified flaws exist in the RDBMS Security component that allow a local attacker to impact integrity. (CVE-2016-0690, CVE-2016-0691)
- An unspecified flaw exists in the Java VM component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3454)
See Also
Solution
Apply the appropriate patch according to the April 2016 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/04/27, Modification date: 2016/12/07
Ports
tcp/0
The following vulnerable instance of Oracle Database is installed on the remote host :
Ohome : /clu_fs/his/oracle/product/12.1
Missing DB Patches : 22291127, 22806133
Missing OJVM Patches : 22674709

91078 - RHEL 7 : pcre (RHSA-2016:1025)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for pcre is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
PCRE is a Perl-compatible regular expression library.
Security Fix(es) :
* Multiple flaws were found in the way PCRE handled malformed regular expressions. An attacker able to make an application using PCRE process a specially crafted regular expression could use these flaws to cause the application to crash or, possibly, execute arbitrary code. (CVE-2015-8385, CVE-2016-3191, CVE-2015-2328, CVE-2015-3217, CVE-2015-5073, CVE-2015-8388, CVE-2015-8391, CVE-2015-8386)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/05/12, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : pcre-8.32-14.el7
Should be : pcre-8.32-15.el7_2.1

NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

91114 - RHEL 7 : kernel (RHSA-2016:1033)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es) :
* A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system. (CVE-2016-0758, Important)
Red Hat would like to thank Philip Pettersson of Samsung for reporting this issue.
Bug Fix(es) :
* Under certain conditions, the migration threads could race with the CPU hotplug, which could cause a deadlock. A set of patches has been provided to fix this bug, and the deadlock no longer occurs in the system. (BZ#1299338)
* A bug in the code that cleans up revoked delegations could previously cause a soft lockup in the NFS server. This patch fixes the underlying source code, so the lockup no longer occurs. (BZ#1311582)
* The second attempt to reload Common Application Programming Interface (CAPI) devices on the little-endian variant of IBM Power Systems previously failed. The provided set of patches fixes this bug, and reloading works as intended. (BZ#1312396)
* Due to inconsistencies in page size of IOMMU, the NVMe device, and the kernel, the BUG_ON signal previously occurred in the nvme_setup_prps() function, leading to the system crash while setting up the DMA transfer. The provided patch sets the default NVMe page size to 4k, thus preventing the system crash. (BZ#1312399)
* Previously, on a system using the Infiniband mlx5 driver used for the SRP stack, a hard lockup previously occurred after the kernel exceeded time with lock held with interrupts blocked. As a consequence, the system panicked. This update fixes this bug, and the system no longer panics in this situation. (BZ#1313814)
* On the little-endian variant of IBM Power Systems, the kernel previously crashed in the bitmap_weight() function while running the memory affinity script. The provided patch fortifies the topology setup and prevents sd->child from being set to NULL when it is already NULL. As a result, the memory affinity script runs successfully. (BZ#1316158)
* When a KVM guest wrote random values to the special-purpose registers (SPR) Instruction Authority Mask Register (IAMR), the guest and the corresponding QEMU process previously hung. This update adds the code which sets SPRs to a suitable neutral value on guest exit, thus fixing this bug. (BZ#1316636)
* Under heavy iSCSI traffic load, the system previously panicked due to a race in the locking code leading to a list corruption. This update fixes this bug, and the system no longer panics in this situation. (BZ#1316812)
* During SCSI exception handling (triggered by some irregularities), the driver could previously use an already retired SCSI command. As a consequence, a kernel panic or data corruption occurred. The provided patches fix this bug, and exception handling now proceeds successfully. (BZ#1316820)
* When the previously opened /dev/tty, which pointed to a pseudo terminal (pty) pair, was the last file closed, a kernel crash could previously occur. The underlying source code has been fixed, preventing this bug. (BZ#1320297)
* Previously, when using VPLEX and FCoE via the bnx2fc driver, different degrees of data corruption occurred. The provided patch fixes the FCP Response (RSP) residual parsing in bnx2fc, which prevents the aforementioned corruption. (BZ#1322279)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/05/13, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-327.18.2.el7

Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-327.18.2.el7

Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-327.18.2.el7

Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-327.18.2.el7

Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-327.18.2.el7

NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

91801 - RHEL 7 : kernel (RHSA-2016:1277)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2361921.
Security Fixes :
* A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system. (CVE-2016-4565, Important)
* A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept() during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a denial of service. (CVE-2015-8767, Moderate)
Red Hat would like to thank Jann Horn for reporting CVE-2016-4565.
Bug Fixes :
* When Small Computer System Interface (SCSI) devices were removed or deleted, a system crash could occur due to a race condition between listing all SCSI devices and SCSI device removal. The provided patch ensures that the starting node for the klist_iter_init_node() function is actually a member of the list before using it. As a result, a system crash no longer occurs in the described scenario. (BZ#1333403)
* This update offers a reworked series of patches for the resizable hash table (rhashtable) including a number of backported bug fixes and enhancements from upstream. (BZ#1328801)
* Previously, the same value of the mperf Model-Specific Register (MSR) read twice in a row could lead to a kernel panic due to the divide-by-zero error. The provided patch fixes this bug, and the kernel now handles two identical values of mperf gracefully. (BZ#1334438)
* When a transparent proxy application was running and the number of established connections on the computer exceeded one million, unrelated processes, such as curl or ssh, were unable to bind to a local IP on the box to initiate a connection. The provided patch fixes the cooperation of the REUSEADDR/NOREUSEADDR socket option, and thus prevents the local port from being exhausted. As a result, the aforementioned bug no longer occurs in the described scenario. (BZ#1323960)
* Previously, the kernel support for non-local bind for the IPv6 protocol was incomplete. As a consequence, an attempt to bind a socket to an IPv6 address that is not assigned to the host could fail. The provided patch includes changes in the ip_nonlocal_bind variable, which is now set to allow binding to an IPv6 address that is not assigned to the host. As a result, Linux servers are now able to bind to non-local IPv6 addresses as expected. (BZ#1324502)
* On some servers with a faster CPU, USB initialization could previously lead to a kernel hang during boot. If this inconvenience occurred when booting the second kernel during the kdump operation, the kdump service failed and the vmcore was lost. The provided upstream patch fixes this bug, and the kernel no longer hangs after USB initialization. (BZ#1327581)
* Previously, when running iperf servers using the mlx4_en module, a kernel panic occurred. The underlying source code has been fixed, and the kernel panic no longer occurs in the described scenario. (BZ#1327583)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/06/24, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-327.22.2.el7

Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-327.22.2.el7

Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-327.22.2.el7

Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-327.22.2.el7

Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-327.22.2.el7

NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

92490 - RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2016:1458)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es) :
* Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610)
* Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508)
* Multiple flaws were found in the CORBA and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)
Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/07/21, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : java-1.8.0-openjdk-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-1.8.0.101-3.b13.el7_2

Remote package installed : java-1.8.0-openjdk-headless-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el7_2

NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

92522 - Oracle Database Multiple Vulnerabilities (July 2016 CPU) (FREAK)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle Database Server is missing the July 2016 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities :
- A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists in the RDBMS HTTPS Listener package due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)
- An unspecified vulnerability exists in the Application Express component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3448)
- An unspecified vulnerability exists in the Application Express component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3467)
- An unspecified vulnerability exists in the Portable Clusterware component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3479)
- An unspecified vulnerability exists in the Database Vault component that allows a local attacker to impact confidentiality and integrity. (CVE-2016-3484)
- An unspecified vulnerability exists in the DB Sharding component that allows a local attacker to impact integrity. (CVE-2016-3488)
- An unspecified vulnerability exists in the Data Pump Import component that allows a local attacker to gain elevated privileges. (CVE-2016-3489)
- An unspecified vulnerability exists in the JDBC component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3506)
- An unspecified vulnerability exists in the OJVM component that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2016-3609)
See Also
Solution
Apply the appropriate patch according to the July 2016 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
CVSS Base Score
8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/07/22, Modification date: 2016/12/07
Ports
tcp/0
The following vulnerable instance of Oracle Database is installed on the remote host :

Ohome : /clu_fs/his/oracle/product/12.1
Missing DB Patches : 23054246, 23144544
Missing OJVM Patches : 23177536

92604 - RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2016:1504)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.
Security Fix(es) :
* Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3598, CVE-2016-3610)
* Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508)
* Multiple flaws were found in the CORBA and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/07/28, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2

Remote package installed : java-1.7.0-openjdk-headless-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-headless-1.7.0.111-2.6.7.2.el7_2

NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

92694 - RHEL 7 : kernel (RHSA-2016:1539)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2460971.
Security Fix(es) :
* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important)
* The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. (CVE-2015-8660, Moderate)
* It was reported that on s390x, the fork of a process with four page table levels will cause memory corruption with a variety of symptoms. All processes are created with three level page table and a limit of 4TB for the address space. If the parent process has four page table levels with a limit of 8PB, the function that duplicates the address space will try to copy memory areas outside of the address space limit for the child process. (CVE-2016-2143, Moderate)
Red Hat would like to thank Nathan Williams for reporting CVE-2015-8660. The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).
Bug Fix(es) :
* The glibc headers and the Linux headers share certain definitions of key structures that are required to be defined in kernel and in userspace. In some instances both userspace and sanitized kernel headers have to be included in order to get the structure definitions required by the user program. Unfortunately because the glibc and Linux headers don't coordinate this can result in compilation errors. The glibc headers have therefore been fixed to coordinate with Linux UAPI-based headers. With the header coordination compilation errors no longer occur. (BZ#1331285)
* When running the TCP/IPv6 traffic over the mlx4_en networking interface on the big endian architectures, call traces reporting about a 'hw csum failure' could occur. With this update, the mlx4_en driver has been fixed by correction of the checksum calculation for the big endian architectures. As a result, the call trace error no longer appears in the log messages. (BZ#1337431)
* Under significant load, some applications such as logshifter could generate bursts of log messages too large for the system logger to spool. Due to a race condition, log messages from that application could then be lost even after the log volume dropped to manageable levels. This update fixes the kernel mechanism used to notify the transmitter end of the socket used by the system logger that more space is available on the receiver side, removing a race condition which previously caused the sender to stop transmitting new messages and allowing all log messages to be processed correctly. (BZ#1337513)
* Previously, after heavy open or close of the Accelerator Function Unit (AFU) contexts, the interrupt packet went out and the AFU context did not see any interrupts. Consequently, a kernel panic could occur. The provided patch set fixes handling of the interrupt requests, and kernel panic no longer occurs in the described situation. (BZ#1338886)
* net: recvfrom would fail on short buffer. (BZ#1339115)
* Backport rhashtable changes from upstream. (BZ#1343639)
* Server Crashing after starting Glusterd & creating volumes. (BZ#1344234)
* RAID5 reshape deadlock fix. (BZ#1344313)
* BDX perf uncore support fix. (BZ#1347374)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
References
Exploitable with
CANVAS (true)
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2016/08/03, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-327.28.2.el7

Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-327.28.2.el7

Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-327.28.2.el7

Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-327.28.2.el7

Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-327.28.2.el7

NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

92696 - RHEL 7 : libtiff (RHSA-2016:1546)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for libtiff is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.8 (CVSS:3.0/E:U/RL:O/RC:U)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:UC)
References
Plugin Information:
Publication date: 2016/08/03, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libtiff-4.0.3-14.el7
Should be : libtiff-4.0.3-25.el7_2

NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

93555 - RHEL 7 : kernel (RHSA-2016:1847)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es) :
* A security flaw was found in the Linux kernel in the mark_source_chains() function in 'net/ipv4/netfilter/ip_tables.c'. It is possible for a user-supplied 'ipt_entry' structure to have a large 'next_offset' field. This field is not bounds checked prior to writing to a counter value at the supplied offset. (CVE-2016-3134, Important)
* A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges. (CVE-2016-4997, Important)
* An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments. (CVE-2016-4998, Moderate)
Bug Fix(es) :
* In some cases, running the ipmitool command caused a kernel panic due to a race condition in the ipmi message handler. This update fixes the race condition, and the kernel panic no longer occurs in the described scenario. (BZ#1353947)
* Previously, running I/O-intensive operations in some cases caused the system to terminate unexpectedly after a NULL pointer dereference in the kernel. With this update, a set of patches has been applied to the 3w-9xxx and 3w-sas drivers that fix this bug. As a result, the system no longer crashes in the described scenario. (BZ#1362040)
* Previously, the Stream Control Transmission Protocol (SCTP) sockets did not inherit the SELinux labels properly. As a consequence, the sockets were labeled with the unlabeled_t SELinux type which caused SCTP connections to fail. The underlying source code has been modified, and SCTP connections now work as expected. (BZ#1354302)
* Previously, the bnx2x driver waited for transmission completions when recovering from a parity event, which substantially increased the recovery time. With this update, bnx2x does not wait for transmission completion in the described circumstances. As a result, the recovery of bnx2x after a parity event now takes less time. (BZ#1351972)
Enhancement(s) :
* With this update, the audit subsystem enables filtering of processes by name besides filtering by PID. Users can now audit by executable name (with the '-F exe=<path-to-executable>' option), which allows expression of many new audit rules. This functionality can be used to create events when specific applications perform a syscall. (BZ#1345774)
* With this update, the Nonvolatile Memory Express (NVMe) and the multi-queue block layer (blk_mq) have been upgraded to the Linux 4.5 upstream version. Previously, a race condition between timeout and freeing request in blk_mq occurred, which could affect the blk_mq_tag_to_rq() function and consequently a kernel oops could occur. The provided patch fixes this race condition by updating the tags with the active request. The patch simplifies blk_mq_tag_to_rq() and ensures that the two requests are not active at the same time. (BZ#1350352)
* The Hyper-V storage driver (storvsc) has been upgraded from upstream. This update provides moderate performance improvement of I/O operations when using storvsc for certain workloads. (BZ#1360161)
Additional Changes :
Space precludes documenting all of the bug fixes and enhancements included in this advisory. To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/articles/2592321
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:U/RC:X)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.5 (CVSS2#E:POC/RL:U/RC:ND)
References
Exploitable with
Metasploit (true)
Plugin Information:
Publication date: 2016/09/16, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-327.36.1.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-327.36.1.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-327.36.1.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-327.36.1.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-327.36.1.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

93763 - RHEL 6 / 7 : openssl (RHSA-2016:1940)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es) :
* A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)
* It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. (CVE-2016-2178)
* It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. (CVE-2016-2179)
* A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)
* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code. (CVE-2016-2182)
* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.
* An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets. (CVE-2016-6302)
* Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)
* An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. (CVE-2016-2180)
* Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304 and CVE-2016-6306; and Karthikeyan Bhargavan (Inria) and Gaetan Leurent (Inria) as the original reporters of CVE-2016-2183.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.0 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.4 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/09/28, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : openssl-1.0.1e-51.el7_2.4
Should be : openssl-1.0.1e-51.el7_2.7
Remote package installed : openssl-libs-1.0.1e-51.el7_2.4
Should be : openssl-libs-1.0.1e-51.el7_2.7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

93784 - RHEL 5 / 6 / 7 : bind (RHSA-2016:1944)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for bind is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es) :
* A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2016-2776)
Red Hat would like to thank ISC for reporting this issue.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.9 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.4 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
| CVE | CVE-2016-2776 |
| XREF | OSVDB:144854 |
| XREF | RHSA:2016:1944 |
| XREF | IAVA:2017-A-0004 |
Plugin Information:
Publication date: 2016/09/28, Modification date: 2017/01/16
Ports
tcp/0
Remote package installed : bind-libs-9.9.4-29.el7_2.2
Should be : bind-libs-9.9.4-29.el7_2.4
Remote package installed : bind-libs-lite-9.9.4-29.el7_2.2
Should be : bind-libs-lite-9.9.4-29.el7_2.4
Remote package installed : bind-license-9.9.4-29.el7_2.2
Should be : bind-license-9.9.4-29.el7_2.4
Remote package installed : bind-utils-9.9.4-29.el7_2.2
Should be : bind-utils-9.9.4-29.el7_2.4
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

93952 - RHEL 7 : kernel (RHSA-2016:2047)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es) :
* Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path as an unlimited recursion could unfold in both VLAN and TEB modules leading to a stack corruption in the kernel. (CVE-2016-7039, Important)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.3 (CVSS:3.0/E:U/RL:O/RC:R)
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:UR)
References
Plugin Information:
Publication date: 2016/10/11, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-327.36.2.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-327.36.2.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-327.36.2.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-327.36.2.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-327.36.2.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94150 - RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2016:2079)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es) :
* It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. (CVE-2016-5582)
* It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP requests to the JDWP port of the debugged application. (CVE-2016-5573)
* It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm. (CVE-2016-5542)
Note: After this update, MD2 hash algorithm and RSA keys with less than 1024 bits are no longer allowed to be used for Jar integrity verification by default. MD5 hash algorithm is expected to be disabled by default in the future updates. A newly introduced security property jdk.jar.disabledAlgorithms can be used to control the set of disabled algorithms.
* A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554)
* A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication. (CVE-2016-5597)
Note: After this update, Basic HTTP proxy authentication can no longer be used when tunneling HTTPS connection through an HTTP proxy. Newly introduced system properties jdk.http.auth.proxying.disabledSchemes and jdk.http.auth.tunneling.disabledSchemes can be used to control which authentication schemes can be requested by an HTTP proxy when proxying HTTP and HTTPS connections respectively.
Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.6 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/10/20, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : java-1.8.0-openjdk-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2
Remote package installed : java-1.8.0-openjdk-headless-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94201 - Oracle Database Multiple Vulnerabilities (October 2016 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle Database Server is missing the October 2016 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists in the RDBMS Security and SQL*Plus component that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-3562)
- An unspecified flaw exists in the RDBMS Security component that allows a local attacker to gain elevated privileges. (CVE-2016-5497)
- Multiple unspecified flaws exist in the RDBMS Security component that allow a local attacker to disclose sensitive information. (CVE-2016-5498, CVE-2016-5499)
- An unspecified flaw exists in the RDBMS Programmable Interface component that allows a local attacker to disclose sensitive information. (CVE-2016-5505)
- An unspecified flaw exists in the Kernel PDB component that allows a local attacker to cause a denial of service condition. (CVE-2016-5516)
- An unspecified flaw exists in the OJVM component that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2016-5555)
- An unspecified flaw exists in the Kernel PDB component that allows a local attacker to gain elevated privileges. (CVE-2016-5572)
See Also
Solution
Apply the appropriate patch according to the October 2016 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
9.1 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/10/21, Modification date: 2017/01/23
Ports
tcp/0
The following vulnerable instance of Oracle Database is installed on the remote host :
Ohome : /clu_fs/his/oracle/product/12.1
Missing DB Patches : 24006101, 24448103
Missing OJVM Patches : 24315824

94230 - RHEL 7 : kernel (RHSA-2016:2098) (Dirty COW)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es) :
* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)
Red Hat would like to thank Phil Oester for reporting this issue.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
| CVE | CVE-2016-5195 |
| XREF | OSVDB:146061 |
| XREF | RHSA:2016:2098 |
| XREF | IAVA:2016-A-0306 |
Exploitable with
CANVAS (true)
Core Impact (true)
Plugin Information:
Publication date: 2016/10/24, Modification date: 2017/01/16
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-327.36.3.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-327.36.3.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-327.36.3.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-327.36.3.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-327.36.3.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94545 - RHEL 7 : nettle (RHSA-2016:2582)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for nettle is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space.
Security Fix(es) :
* Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle's functionality. (CVE-2015-8803, CVE-2015-8804, CVE-2015-8805)
* It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. (CVE-2016-6489)
Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected nettle, nettle-debuginfo and / or nettle-devel packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.9 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : nettle-2.7.1-4.el7
Should be : nettle-2.7.1-8.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94551 - RHEL 7 : openssh (RHSA-2016:2588)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es) :
* It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root. (CVE-2015-8325)
Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : openssh-6.6.1p1-23.el7_2
Should be : openssh-6.6.1p1-31.el7
Remote package installed : openssh-clients-6.6.1p1-23.el7_2
Should be : openssh-clients-6.6.1p1-31.el7
Remote package installed : openssh-server-6.6.1p1-23.el7_2
Should be : openssh-server-6.6.1p1-31.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94553 - RHEL 7 : dhcp (RHSA-2016:2590)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for dhcp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.
Security Fix(es) :
* A resource-consumption flaw was discovered in the DHCP server. dhcpd did not restrict the number of open connections to OMAPI and failover ports. A remote attacker able to establish TCP connections to one of these ports could use this flaw to cause dhcpd to exit unexpectedly, stop responding to requests, or exhaust system sockets (denial of service). (CVE-2016-2774)
Red Hat would like to thank ISC for reporting this issue.
Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
5.5 (CVSS:3.0/E:F/RL:T/RC:X)
CVSS Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.1 (CVSS2#E:F/RL:TF/RC:ND)
STIG Severity
I
References
| CVE | CVE-2016-2774 |
| XREF | OSVDB:135495 |
| XREF | RHSA:2016:2590 |
| XREF | IAVB:2016-B-0044 |
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/11
Ports
tcp/0
Remote package installed : dhclient-4.2.5-36.el7
Should be : dhclient-4.2.5-47.el7
Remote package installed : dhcp-common-4.2.5-36.el7
Should be : dhcp-common-4.2.5-47.el7
Remote package installed : dhcp-libs-4.2.5-36.el7
Should be : dhcp-libs-4.2.5-47.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94623 - RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2016:2658)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.
Security Fix(es) :
* It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. (CVE-2016-5582)
* It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP requests to the JDWP port of the debugged application. (CVE-2016-5573)
* It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm. (CVE-2016-5542)
Note: After this update, MD2 hash algorithm and RSA keys with less than 1024 bits are no longer allowed to be used for Jar integrity verification by default. MD5 hash algorithm is expected to be disabled by default in the future updates. A newly introduced security property jdk.jar.disabledAlgorithms can be used to control the set of disabled algorithms.
* A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554)
* A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication. (CVE-2016-5597)
Note: After this update, Basic HTTP proxy authentication can no longer be used when tunneling HTTPS connection through an HTTP proxy. Newly introduced system properties jdk.http.auth.proxying.disabledSchemes and jdk.http.auth.tunneling.disabledSchemes can be used to control which authentication schemes can be requested by an HTTP proxy when proxying HTTP and HTTPS connections respectively.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.6 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-1.7.0.121-2.6.8.0.el7_3
Remote package installed : java-1.7.0-openjdk-headless-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-headless-1.7.0.121-2.6.8.0.el7_3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94896 - RHEL 6 / 7 : policycoreutils (RHSA-2016:2702)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for policycoreutils is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The policycoreutils packages contain the core policy utilities required to manage a SELinux environment.
Security Fix(es) :
* It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.4 (CVSS:3.0/E:U/RL:U/RC:U)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.5 (CVSS2#E:U/RL:U/RC:UC)
References
Plugin Information:
Publication date: 2016/11/15, Modification date: 2017/01/23
Ports
tcp/0
Remote package installed : policycoreutils-2.2.5-15.el7
Should be : policycoreutils-2.5-9.el7
Remote package installed : policycoreutils-python-2.2.5-15.el7
Should be : policycoreutils-python-2.5-9.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

94912 - RHEL 5 / 6 / 7 : nss and nss-util (RHSA-2016:2779)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries.
The following packages have been upgraded to a newer upstream version: nss (3.12.3), nss-util (3.12.3).
Security Fix(es) :
* Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834)
* A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285)
* It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635)
Red Hat would like to thank the Mozilla project for reporting CVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the original reporters of CVE-2016-2834.
See Also
Solution
Update the affected packages.Risk Factor
HighCVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)References
Plugin Information:
Publication date: 2016/11/16, Modification date: 2017/01/10Ports
tcp/0
Remote package installed : nss-3.19.1-19.el7_2 Should be : nss-3.21.3-2.el7_3 Remote package installed : nss-sysinit-3.19.1-19.el7_2 Should be : nss-sysinit-3.21.3-2.el7_3 Remote package installed : nss-tools-3.19.1-19.el7_2 Should be : nss-tools-3.21.3-2.el7_3 Remote package installed : nss-util-3.19.1-4.el7_1 Should be : nss-util-3.21.3-1.1.el7_3 NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

95381 - RHEL 6 / 7 : expat (RHSA-2016:2824)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for expat is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Expat is a C library for parsing XML documents.
Security Fix(es) :
* An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-0718)
Red Hat would like to thank Gustavo Grieco for reporting this issue.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/11/29, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : expat-2.1.0-8.el7
Should be : expat-2.1.0-10.el7_3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

96611 - Oracle Database Multiple Vulnerabilities (January 2017 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle Database Server is missing the January 2017 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists in the OJVM component that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2017-3310)
- An unspecified flaw exists in the RDBMS Security component that allows a local attacker to disclose potentially sensitive information. (CVE-2017-3240)
See Also
Solution
Apply the appropriate patch according to the January 2017 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
CVSS Base Score
8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2017/01/18, Modification date: 2017/02/08
Ports
tcp/0
The following vulnerable instance of Oracle Database is installed on the remote host :
Ohome : /clu_fs/his/oracle/product/12.1
Missing DB Patches : 24732082
Missing OJVM Patches : 24917972

96948 - RHEL 6 / 7 : libtiff (RHSA-2017:0225)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for libtiff is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535)
* Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540, CVE-2016-9537, CVE-2016-9536)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Publication date: 2017/02/02, Modification date: 2017/02/02
Ports
tcp/0
Remote package installed : libtiff-4.0.3-14.el7
Should be : libtiff-4.0.3-27.el7_3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

97011 - RHEL 6 / 7 : ntp (RHSA-2017:0252)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.
Security Fix(es) :
* It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426)
* A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. (CVE-2016-9310)
* A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a NULL pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311)
* A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source. (CVE-2016-7429)
* A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially crafted spoofed packet to cause denial of service or in some special cases even crash. (CVE-2016-7433)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
CVSS v3.0 Temporal Score
6.0 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
5.9 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
Plugin Information:
Publication date: 2017/02/06, Modification date: 2017/03/31
Ports
tcp/0
Remote package installed : ntpdate-4.2.6p5-22.el7_2.1
Should be : ntpdate-4.2.6p5-25.el7_3.1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

97349 - RHEL 7 : kernel (RHSA-2017:0294)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es) :
* A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2017/02/23, Modification date: 2017/03/07
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-514.6.2.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-514.6.2.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-514.6.2.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-514.6.2.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-514.6.2.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

97509 - RHEL 7 : kernel (RHSA-2017:0386)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es) :
* Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a NULL pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630, Important)
* A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2016-8655, Important)
* A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution. (CVE-2016-9083, Important)
* The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine. (CVE-2016-9084, Moderate)
Red Hat would like to thank Philip Pettersson for reporting CVE-2016-8655.
Additional Changes :
Space precludes documenting all of the bug fixes and enhancements included in this advisory. To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/articles/2940041 .
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.4 (CVSS:3.0/E:P/RL:X/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.5 (CVSS2#E:POC/RL:ND/RC:C)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2017/03/03, Modification date: 2017/03/07
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-514.10.2.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-514.10.2.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-514.10.2.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-514.10.2.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-514.10.2.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

97769 - RHEL 7 : policycoreutils (RHSA-2017:0536)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for policycoreutils is now available for Red Hat Enterprise Linux 7.1 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The policycoreutils packages contain the core policy utilities required to manage a SELinux environment.
Security Fix(es) :
* It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.4 (CVSS:3.0/E:U/RL:U/RC:U)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.5 (CVSS2#E:U/RL:U/RC:UC)
References
Plugin Information:
Publication date: 2017/03/16, Modification date: 2017/03/28
Ports
tcp/0
Remote package installed : policycoreutils-2.2.5-15.el7
Should be : policycoreutils-2.2.5-16.el7_1
Remote package installed : policycoreutils-python-2.2.5-15.el7
Should be : policycoreutils-python-2.2.5-16.el7_1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

89771 - RHEL 6 / 7 : nss-util (RHSA-2016:0370)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
Updated nss-util packages that fix one security issue are now available for Red Hat Enterprise 6 and 7.
Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module.
A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2016-1950)
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter.
All nss-util users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the nss and nss-util library must be restarted, or the system rebooted.
See Also
Solution
Update the affected nss-util, nss-util-debuginfo and / or nss-util-devel packages.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/03/09, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : nss-util-3.19.1-4.el7_1
Should be : nss-util-3.19.1-9.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

89820 - RHEL 6 / 7 : libssh2 (RHSA-2016:0428)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
Updated libssh2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The libssh2 packages provide a library that implements the SSHv2 protocol.
A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. (CVE-2016-0787)
Red Hat would like to thank Aris Adamantiadis for reporting this issue.
All libssh2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing these updated packages, all running applications using libssh2 must be restarted for this update to take effect.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.2 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/03/10, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libssh2-1.4.3-10.el7
Should be : libssh2-1.4.3-10.el7_2.1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

89954 - RHEL 6 / 7 : samba (RHSA-2016:0448)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.
A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. (CVE-2015-7560)
Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jeremy Allison (Google) and the Samba team as the original reporters.
All samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N)
CVSS Temporal Score
3.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/03/16, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libsmbclient-4.2.3-11.el7_2
Should be : libsmbclient-4.2.3-12.el7_2
Remote package installed : libwbclient-4.2.3-11.el7_2
Should be : libwbclient-4.2.3-12.el7_2
Remote package installed : samba-client-libs-4.2.3-11.el7_2
Should be : samba-client-libs-4.2.3-12.el7_2
Remote package installed : samba-common-4.2.3-11.el7_2
Should be : samba-common-4.2.3-12.el7_2
Remote package installed : samba-common-libs-4.2.3-11.el7_2
Should be : samba-common-libs-4.2.3-12.el7_2
Remote package installed : samba-common-tools-4.2.3-11.el7_2
Should be : samba-common-tools-4.2.3-12.el7_2
Remote package installed : samba-libs-4.2.3-11.el7_2
Should be : samba-libs-4.2.3-12.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

89985 - RHEL 5 / 6 / 7 : bind (RHSA-2016:0459)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash. (CVE-2016-1286)
A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash. (CVE-2016-1285)
Red Hat would like to thank ISC for reporting these issues.
All bind users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/03/17, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : bind-libs-9.9.4-29.el7_2.2
Should be : bind-libs-9.9.4-29.el7_2.3
Remote package installed : bind-libs-lite-9.9.4-29.el7_2.2
Should be : bind-libs-lite-9.9.4-29.el7_2.3
Remote package installed : bind-license-9.9.4-29.el7_2.2
Should be : bind-license-9.9.4-29.el7_2.3
Remote package installed : bind-utils-9.9.4-29.el7_2.2
Should be : bind-utils-9.9.4-29.el7_2.3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

90078 - RHEL 7 : openssh (RHSA-2016:0465)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
Updated openssh packages that fix two security issues are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.
It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. (CVE-2016-3115)
An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2016-1908)
All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
6.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
CVSS v3.0 Temporal Score
5.9 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
5.5 (CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N)
CVSS Temporal Score
4.5 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/03/22, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : openssh-6.6.1p1-23.el7_2
Should be : openssh-6.6.1p1-25.el7_2
Remote package installed : openssh-clients-6.6.1p1-23.el7_2
Should be : openssh-clients-6.6.1p1-25.el7_2
Remote package installed : openssh-server-6.6.1p1-23.el7_2
Should be : openssh-server-6.6.1p1-25.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

90140 - RHEL 6 / 7 : nss-util (RHSA-2016:0495)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
Updated nss-util packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 and 7.1 Extended Update Support.
Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module.
A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2016-1950)
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter.
All nss-util users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the nss and nss-util libraries must be restarted, or the system rebooted.
See Also
Solution
Update the affected nss-util, nss-util-debuginfo and / or nss-util-devel packages.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/03/24, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : nss-util-3.19.1-4.el7_1
Should be : nss-util-3.19.1-5.el7_1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

90299 - RHEL 7 : krb5 (RHSA-2016:0532)
Synopsis
The remote Red Hat host is missing one or more security updates.Description
An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) * An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) * A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash. (CVE-2015-8630) The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat.See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/04/01, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : krb5-libs-1.13.2-10.el7
Should be : krb5-libs-1.13.2-12.el7_2
Remote package installed : krb5-workstation-1.13.2-10.el7
Should be : krb5-workstation-1.13.2-12.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90492 - RHEL 6 / 7 : samba and samba4 (RHSA-2016:0612) (Badlock)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for samba4 and samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7, respectively. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.
The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes.
Security Fix(es) :
* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)
Note: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.
* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)
* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)
* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)
* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)
* It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113)
* It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114)
* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)
Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.9 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/04/13, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libldb-1.1.20-1.el7_2.2
Should be : libldb-1.1.25-1.el7_2
Remote package installed : libsmbclient-4.2.3-11.el7_2
Should be : libsmbclient-4.2.10-6.el7_2
Remote package installed : libtalloc-2.1.2-1.el7
Should be : libtalloc-2.1.5-1.el7_2
Remote package installed : libtdb-1.3.6-2.el7
Should be : libtdb-1.3.8-1.el7_2
Remote package installed : libtevent-0.9.25-1.el7
Should be : libtevent-0.9.26-1.el7_2
Remote package installed : libwbclient-4.2.3-11.el7_2
Should be : libwbclient-4.2.10-6.el7_2
Remote package installed : pytalloc-2.1.2-1.el7
Should be : pytalloc-2.1.5-1.el7_2
Remote package installed : samba-client-libs-4.2.3-11.el7_2
Should be : samba-client-libs-4.2.10-6.el7_2
Remote package installed : samba-common-4.2.3-11.el7_2
Should be : samba-common-4.2.10-6.el7_2
Remote package installed : samba-common-libs-4.2.3-11.el7_2
Should be : samba-common-libs-4.2.10-6.el7_2
Remote package installed : samba-common-tools-4.2.3-11.el7_2
Should be : samba-common-tools-4.2.10-6.el7_2
Remote package installed : samba-libs-4.2.3-11.el7_2
Should be : samba-libs-4.2.10-6.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
90495 - RHEL 7 : samba (RHSA-2016:0618) (Badlock)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for samba is now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.
The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes.
Security Fix(es) :
* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)
Note: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.
* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)
* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)
* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)
* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)
* It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113)
* It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114)
* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)
Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.9 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/04/13, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libldb-1.1.20-1.el7_2.2
Should be : libldb-1.1.25-1.el7_1
Remote package installed : libsmbclient-4.2.3-11.el7_2
Should be : libsmbclient-4.2.10-5.el7_1
Remote package installed : libtalloc-2.1.2-1.el7
Should be : libtalloc-2.1.5-1.el7_1
Remote package installed : libtdb-1.3.6-2.el7
Should be : libtdb-1.3.8-1.el7_1
Remote package installed : libtevent-0.9.25-1.el7
Should be : libtevent-0.9.26-1.el7_1
Remote package installed : libwbclient-4.2.3-11.el7_2
Should be : libwbclient-4.2.10-5.el7_1
Remote package installed : pytalloc-2.1.2-1.el7
Should be : pytalloc-2.1.5-1.el7_1
Remote package installed : samba-client-libs-4.2.3-11.el7_2
Should be : samba-client-libs-4.2.10-5.el7_1
Remote package installed : samba-common-4.2.3-11.el7_2
Should be : samba-common-4.2.10-5.el7_1
Remote package installed : samba-common-libs-4.2.3-11.el7_2
Should be : samba-common-libs-4.2.10-5.el7_1
Remote package installed : samba-common-tools-4.2.3-11.el7_2
Should be : samba-common-tools-4.2.10-5.el7_1
Remote package installed : samba-libs-4.2.3-11.el7_2
Should be : samba-libs-4.2.10-5.el7_1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
91214 - RHEL 7 : libndp (RHSA-2016:1086)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for libndp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Libndp is a library (used by NetworkManager) that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages.
Security Fix(es) :
* It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network could use this flaw to advertise a node as a router, allowing them to perform man-in-the-middle attacks on a connecting client, or disrupt the network connectivity of that client. (CVE-2016-3698)
Red Hat would like to thank Julien Bernard (Viagenie) for reporting this issue.
See Also
Solution
Update the affected libndp, libndp-debuginfo and / or libndp-devel packages.
Risk Factor
Medium
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.1 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/05/18, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libndp-1.2-4.el7
Should be : libndp-1.2-6.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
91420 - RHEL 6 / 7 : ntp (RHSA-2016:1141)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.
Security Fix(es) :
* It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)
* A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time. (CVE-2016-1547)
* It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client. (CVE-2016-1548)
* A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest. (CVE-2016-1550)
* An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash. (CVE-2016-2518)
The CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVSS Temporal Score
4.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/06/01, Modification date: 2017/02/13
Ports
tcp/0
Remote package installed : ntpdate-4.2.6p5-22.el7_2.1
Should be : ntpdate-4.2.6p5-22.el7_2.2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
92579 - RHEL 7 : samba (RHSA-2016:1486)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.
Security Fix(es) :
* A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server. (CVE-2016-2119)
Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher as the original reporter.
Bug Fix(es) :
* Previously, the 'net' command in some cases failed to join the client to Active Directory (AD) because the permissions setting prevented modification of the supported Kerberos encryption type LDAP attribute. With this update, Samba has been fixed to allow joining an AD domain as a user. In addition, Samba now uses the machine account credentials to set up the Kerberos encryption types within AD for the joined machine. As a result, using 'net' to join a domain now works more reliably. (BZ#1351260)
* Previously, the idmap_hash module worked incorrectly when it was used together with other modules. As a consequence, user and group IDs were not mapped properly. A patch has been applied to skip already configured modules. Now, the hash module can be used as the default idmap configuration back end and IDs are resolved correctly. (BZ#1350759)
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/07/27, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libsmbclient-4.2.3-11.el7_2
Should be : libsmbclient-4.2.10-7.el7_2
Remote package installed : libwbclient-4.2.3-11.el7_2
Should be : libwbclient-4.2.10-7.el7_2
Remote package installed : samba-client-libs-4.2.3-11.el7_2
Should be : samba-client-libs-4.2.10-7.el7_2
Remote package installed : samba-common-4.2.3-11.el7_2
Should be : samba-common-4.2.10-7.el7_2
Remote package installed : samba-common-libs-4.2.3-11.el7_2
Should be : samba-common-libs-4.2.10-7.el7_2
Remote package installed : samba-common-tools-4.2.3-11.el7_2
Should be : samba-common-tools-4.2.10-7.el7_2
Remote package installed : samba-libs-4.2.3-11.el7_2
Should be : samba-libs-4.2.10-7.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
92938 - RHEL 7 : mariadb (RHSA-2016:1602)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a newer upstream version: mariadb (5.5.50).
Security Fix(es) :
* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2016-0640, CVE-2016-0641, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0666, CVE-2016-3452, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444)
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.1 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/08/12, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : mariadb-libs-5.5.44-1.el7_1
Should be : mariadb-libs-5.5.50-1.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
93039 - RHEL 6 / 7 : python (RHSA-2016:1626) (httpoxy)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for python is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es) :
* It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110)
* It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. (CVE-2016-0772)
* It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values. (CVE-2016-5699)
Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-1000110.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/08/19, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : python-2.7.5-34.el7
Should be : python-2.7.5-38.el7_2
Remote package installed : python-libs-2.7.5-34.el7
Should be : python-libs-2.7.5-38.el7_2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
93042 - RHEL 7 : kernel (RHSA-2016:1633)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network. (CVE-2016-5696, Important)
Red Hat would like to thank Yue Cao from Cyber Security Group in the CS department of University of California, Riverside, for reporting this issue.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
4.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
CVSS v3.0 Temporal Score
4.4 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score
4.8 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/08/19, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : kernel-3.10.0-327.10.1.el7
Should be : kernel-3.10.0-327.28.3.el7
Remote package installed : kernel-devel-3.10.0-327.10.1.el7
Should be : kernel-devel-3.10.0-327.28.3.el7
Remote package installed : kernel-headers-3.10.0-327.10.1.el7
Should be : kernel-headers-3.10.0-327.28.3.el7
Remote package installed : kernel-tools-3.10.0-327.10.1.el7
Should be : kernel-tools-3.10.0-327.28.3.el7
Remote package installed : kernel-tools-libs-3.10.0-327.10.1.el7
Should be : kernel-tools-libs-3.10.0-327.28.3.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94536 - RHEL 7 : glibc (RHSA-2016:2573)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
Security Fix(es) :
* A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include 'networks: dns' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution. (CVE-2016-3075)
This issue was discovered by Florian Weimer (Red Hat).
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
3.9 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : glibc-2.17-106.el7_2.4
Should be : glibc-2.17-157.el7
Remote package installed : glibc-common-2.17-106.el7_2.4
Should be : glibc-common-2.17-157.el7
Remote package installed : glibc-devel-2.17-106.el7_2.4
Should be : glibc-devel-2.17-157.el7
Remote package installed : glibc-headers-2.17-106.el7_2.4
Should be : glibc-headers-2.17-157.el7
Remote package installed : nscd-2.17-106.el7_2.4
Should be : nscd-2.17-157.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94538 - RHEL 7 : curl (RHSA-2016:2575)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es) :
* It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. (CVE-2016-5419)
* It was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. (CVE-2016-5420)
* It was found that the libcurl library using the NSS (Network Security Services) library as TLS/SSL backend incorrectly re-used client certificates for subsequent TLS connections in certain cases. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. (CVE-2016-7141)
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.Risk Factor
MediumCVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)CVSS v3.0 Temporal Score
6.9 (CVSS:3.0/E:F/RL:O/RC:X)CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10Ports
tcp/0
Remote package installed : curl-7.29.0-25.el7
Should be : curl-7.29.0-35.el7
Remote package installed : libcurl-7.29.0-25.el7
Should be : libcurl-7.29.0-35.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94546 - RHEL 7 : ntp (RHSA-2016:2583)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for ntp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix(es) : * It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702) * A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. (CVE-2015-7701) * An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. A specially crafted NTP packet could potentially cause ntpq to crash. (CVE-2015-7852) * A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd. (CVE-2015-7977) * A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd. 
(CVE-2015-7978) * It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979) * It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands. (CVE-2015-5194) * It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) was referenced by the statistics or filegen configuration command. (CVE-2015-5195) * It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). (CVE-2015-5196, CVE-2015-7703) * It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet. (CVE-2015-5219) * A flaw was found in the way NTP verified trusted keys during symmetric key authentication. An authenticated client (A) could use this flaw to modify a packet sent between a server (B) and a client (C) using a key that is different from the one known to the client (A). (CVE-2015-7974) * A flaw was found in the way the ntpq client processed certain incoming packets in a loop in the getresponse() function. A remote attacker could potentially use this flaw to crash an ntpq client instance. (CVE-2015-8158) The CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav Lichvar (Red Hat). 
Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/03/08
Ports
tcp/0
Remote package installed : ntpdate-4.2.6p5-22.el7_2.1
Should be : ntpdate-4.2.6p5-25.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94550 - RHEL 7 : wget (RHSA-2016:2587)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for wget is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.
Security Fix(es) :
* It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. (CVE-2016-4971)
Red Hat would like to thank GNU wget project for reporting this issue. Upstream acknowledges Dawid Golunski as the original reporter.
Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected wget and / or wget-debuginfo packages.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : wget-1.14-10.el7_0.1
Should be : wget-1.14-13.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94554 - RHEL 7 : krb5 (RHSA-2016:2591)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).
The following packages have been upgraded to a newer upstream version: krb5 (1.14.1). (BZ#1292153)
Security Fix(es) :
* A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. (CVE-2016-3119)
* A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a NULL pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true. (CVE-2016-3120)
Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score
3.3 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/11
Ports
tcp/0
Remote package installed : krb5-libs-1.13.2-10.el7
Should be : krb5-libs-1.14.1-26.el7
Remote package installed : krb5-workstation-1.13.2-10.el7
Should be : krb5-workstation-1.14.1-26.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94556 - RHEL 7 : sudo (RHSA-2016:2593)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es) :
* It was discovered that the default sudo configuration preserved the value of INPUTRC from the user's environment, which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo. (CVE-2016-7091)
Note: With this update, INPUTRC was removed from the env_keep list in /etc/sudoers to avoid having sudo preserve the value of this variable when invoking privileged commands.
Red Hat would like to thank Grisha Levit for reporting this issue.
Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected sudo, sudo-debuginfo and / or sudo-devel packages.
Risk Factor
Medium
CVSS v3.0 Base Score
4.4 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
CVSS Base Score
4.9 (CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score
4.4 (CVSS2#E:POC/RL:U/RC:ND)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : sudo-1.8.6p7-13.el7
Should be : sudo-1.8.6p7-20.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94564 - RHEL 7 : fontconfig (RHSA-2016:2601)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for fontconfig is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications.
Security Fix(es) :
* It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary free() calls, which in turn could lead to arbitrary code execution. (CVE-2016-5384)
Red Hat would like to thank Tobias Stoeckmann for reporting this issue.
Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
4.6 (CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
3.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : fontconfig-2.10.95-7.el7
Should be : fontconfig-2.10.95-10.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94568 - RHEL 7 : util-linux (RHSA-2016:2605)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for util-linux is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program.
Security Fix(es) :
* It was found that util-linux's libblkid library did not properly handle Extended Boot Record (EBR) partitions when reading MS-DOS partition tables. An attacker with physical USB access to a protected machine could insert a storage device with a specially crafted partition table that could, for example, trigger an infinite loop in systemd-udevd, resulting in a denial of service on that machine. (CVE-2016-5011)
Red Hat would like to thank Michael Gruhn for reporting this issue. Upstream acknowledges Christian Moch as the original reporter.
Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS Base Score
4.9 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
4.0 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libblkid-2.23.2-21.el7
Should be : libblkid-2.23.2-33.el7
Remote package installed : libmount-2.23.2-21.el7
Should be : libmount-2.23.2-33.el7
Remote package installed : libuuid-2.23.2-21.el7
Should be : libuuid-2.23.2-33.el7
Remote package installed : util-linux-2.23.2-21.el7
Should be : util-linux-2.23.2-33.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94603 - RHEL 7 : systemd (RHSA-2016:2610)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.
Security Fix(es) :
* A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd. (CVE-2016-7795)
Bug Fix(es) :
* Previously, the udev device manager automatically enabled all memory banks on IBM z System installations. As a consequence, hot plug memory was enabled automatically, which was incorrect. With this update, system architecture checks have been added to the udev rules to address the problem. As a result, hot plug memory is no longer automatically enabled. (BZ#1381123)
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
5.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
4.9 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
4.0 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/07, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libgudev1-219-19.el7_2.4
Should be : libgudev1-219-30.el7_3.3
Remote package installed : systemd-219-19.el7_2.4
Should be : systemd-219-30.el7_3.3
Remote package installed : systemd-libs-219-19.el7_2.4
Should be : systemd-libs-219-30.el7_3.3
Remote package installed : systemd-python-219-19.el7_2.4
Should be : systemd-python-219-30.el7_3.3
Remote package installed : systemd-sysv-219-19.el7_2.4
Should be : systemd-sysv-219-30.el7_3.3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94605 - RHEL 7 : bind (RHSA-2016:2615)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es) :
* A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864)
Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/07, Modification date: 2017/01/23
Ports
tcp/0
Remote package installed : bind-libs-9.9.4-29.el7_2.2
Should be : bind-libs-9.9.4-38.el7_3
Remote package installed : bind-libs-lite-9.9.4-29.el7_2.2
Should be : bind-libs-lite-9.9.4-38.el7_3
Remote package installed : bind-license-9.9.4-29.el7_2.2
Should be : bind-license-9.9.4-38.el7_3
Remote package installed : bind-utils-9.9.4-29.el7_2.2
Should be : bind-utils-9.9.4-38.el7_3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94626 - RHEL 6 / 7 : libgcrypt (RHSA-2016:2674)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for libgcrypt is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.
Security Fix(es) :
* A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. (CVE-2016-6313)
Red Hat would like to thank Felix Dorre and Vladimir Klebanov for reporting this issue.
See Also
Solution
Update the affected libgcrypt, libgcrypt-debuginfo and / or libgcrypt-devel packages.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
4.9 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : libgcrypt-1.5.3-12.el7
Should be : libgcrypt-1.5.3-13.el7_3.1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
95600 - RHEL 6 / 7 : sudo (RHSA-2016:2872)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es) :
* It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system(), popen(), or wordexp() C library functions with a user-supplied argument. A local user permitted to run such application via sudo with noexec restriction could use these flaws to execute arbitrary commands with elevated privileges. (CVE-2016-7032, CVE-2016-7076)
These issues were discovered by Florian Weimer (Red Hat).
See Also
Solution
Update the affected sudo, sudo-debuginfo and / or sudo-devel packages.
Risk Factor
Medium
CVSS Base Score
6.6 (CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
5.5 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/12/07, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : sudo-1.8.6p7-13.el7
Should be : sudo-1.8.6p7-21.el7_3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
95983 - RHEL 6 / 7 : vim (RHSA-2016:2972)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for vim is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Vim (Vi IMproved) is an updated and improved version of the vi editor.
Security Fix(es) :
* A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim. (CVE-2016-1248)
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/12/21, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : vim-common-7.4.160-1.el7
Should be : vim-common-7.4.160-1.el7_3.1
Remote package installed : vim-enhanced-7.4.160-1.el7
Should be : vim-enhanced-7.4.160-1.el7_3.1
Remote package installed : vim-filesystem-7.4.160-1.el7
Should be : vim-filesystem-7.4.160-1.el7_3.1
Remote package installed : vim-minimal-7.4.160-1.el7
Should be : vim-minimal-7.4.160-1.el7_3.1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
96308 - RHEL 7 : ghostscript (RHSA-2017:0013)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
Security Fix(es) :
* It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrieve file content respectively, from the target. (CVE-2013-5653, CVE-2016-7977)
* It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. A specially crafted postscript document could trigger code execution in the context of the gs process. (CVE-2016-7978)
* It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process. (CVE-2016-7979)
* It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process. (CVE-2016-8602)
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2017/01/05, Modification date: 2017/03/13
Ports
tcp/0
Remote package installed : ghostscript-9.07-18.el7
Should be : ghostscript-9.07-20.el7_3.1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
96523 - RHEL 7 : bind (RHSA-2017:0062)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es) :
* A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9131)
* A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9147)
* A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9444)
Red Hat would like to thank ISC for reporting these issues.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2017/01/16, Modification date: 2017/02/21
Ports
tcp/0
Remote package installed : bind-libs-9.9.4-29.el7_2.2
Should be : bind-libs-9.9.4-38.el7_3.1
Remote package installed : bind-libs-lite-9.9.4-29.el7_2.2
Should be : bind-libs-lite-9.9.4-38.el7_3.1
Remote package installed : bind-license-9.9.4-29.el7_2.2
Should be : bind-license-9.9.4-38.el7_3.1
Remote package installed : bind-utils-9.9.4-29.el7_2.2
Should be : bind-utils-9.9.4-38.el7_3.1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
96693 - RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2017:0180)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es) :
* It was discovered that the RMI registry and DGC implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DGC. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties.
* Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289)
* A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548)
* It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept a signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546)
* It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253)
* It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547)
* It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252)
* It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker-supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552)
* Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231)
* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.
Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2017/01/23, Modification date: 2017/02/06
Ports
tcp/0
Remote package installed : java-1.8.0-openjdk-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3
Remote package installed : java-1.8.0-openjdk-headless-1.8.0.71-2.b15.el7_2
Should be : java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el7_3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
97121 - RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2017:0269)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.
Security Fix(es) :
* It was discovered that the RMI registry and DGC implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DGC. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties.
* Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289)
* A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548)
* It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept a signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546)
* It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253)
* It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547)
* It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252)
* It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker-supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552)
* Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231)
* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2017/02/13, Modification date: 2017/02/15
Ports
tcp/0
Remote package installed : java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el7_3
Remote package installed : java-1.7.0-openjdk-headless-1.7.0.95-2.6.4.0.el7_2
Should be : java-1.7.0-openjdk-headless-1.7.0.131-2.6.9.0.el7_3
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
97200 - RHEL 7 : bind (RHSA-2017:0276)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es) :
* A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a NULL pointer dereference via a specially crafted DNS response. (CVE-2017-3135)
Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Ramesh Damodaran (Infoblox) and Aliaksandr Shubnik (Infoblox) as the original reporters.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
| CVE | CVE-2017-3135 |
| XREF | OSVDB:151758 |
| XREF | RHSA:2017:0276 |
| XREF | IAVA:2017-A-0043 |
Plugin Information:
Publication date: 2017/02/16, Modification date: 2017/02/21
Ports
tcp/0
Remote package installed : bind-libs-9.9.4-29.el7_2.2
Should be : bind-libs-9.9.4-38.el7_3.2
Remote package installed : bind-libs-lite-9.9.4-29.el7_2.2
Should be : bind-libs-lite-9.9.4-38.el7_3.2
Remote package installed : bind-license-9.9.4-29.el7_2.2
Should be : bind-license-9.9.4-38.el7_3.2
Remote package installed : bind-utils-9.9.4-29.el7_2.2
Should be : bind-utils-9.9.4-38.el7_3.2
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
97294 - RHEL 6 / 7 : openssl (RHSA-2017:0286)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es) :
* An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731)
* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2017/02/21, Modification date: 2017/02/27
Ports
tcp/0
Remote package installed : openssl-1.0.1e-51.el7_2.4
Should be : openssl-1.0.1e-60.el7_3.1
Remote package installed : openssl-libs-1.0.1e-51.el7_2.4
Should be : openssl-libs-1.0.1e-60.el7_3.1
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94544 - RHEL 7 : NetworkManager (RHSA-2016:2581)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for NetworkManager is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.
The following packages have been upgraded to a newer upstream version: NetworkManager (1.4.0), NetworkManager-libreswan (1.2.4), network-manager-applet (1.4.0), libnl3 (3.2.28). (BZ#1264552, BZ#1296058, BZ#1032717, BZ#1271581)
Security Fix(es) :
* A race condition vulnerability was discovered in NetworkManager. Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys. (CVE-2016-0764)
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Low
CVSS Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
1.6 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : NetworkManager-1.0.6-27.el7
Should be : NetworkManager-1.4.0-12.el7
Remote package installed : NetworkManager-config-server-1.0.6-27.el7
Should be : NetworkManager-config-server-1.4.0-12.el7
Remote package installed : NetworkManager-libnm-1.0.6-27.el7
Should be : NetworkManager-libnm-1.4.0-12.el7
Remote package installed : NetworkManager-team-1.0.6-27.el7
Should be : NetworkManager-team-1.4.0-12.el7
Remote package installed : NetworkManager-tui-1.0.6-27.el7
Should be : NetworkManager-tui-1.4.0-12.el7
Remote package installed : libnl3-3.2.21-8.el7
Should be : libnl3-3.2.28-2.el7
Remote package installed : libnl3-cli-3.2.21-8.el7
Should be : libnl3-cli-3.2.28-2.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
94555 - RHEL 7 : subscription-manager (RHSA-2016:2592)
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for subscription-manager, subscription-manager-migration-data, and python-rhsm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform. The subscription-manager-migration-data package provides certificates for migrating a system from the legacy Red Hat Network Classic (RHN) to Red Hat Subscription Management (RHSM). The python-rhsm packages provide a library for communicating with the representational state transfer (REST) interface of a Red Hat Unified Entitlement Platform. The Subscription Management tools use this interface to manage system entitlements, certificates, and access to content.
The following packages have been upgraded to a newer upstream version: subscription-manager (1.17.15), python-rhsm (1.17.9), subscription-manager-migration-data (2.0.31). (BZ#1328553, BZ#1328555, BZ#1328559)
Security Fix(es) :
* It was found that subscription-manager set weak permissions on files in /var/lib/rhsm/, causing an information disclosure. A local, unprivileged user could use this flaw to access sensitive data that could potentially be used in a social engineering attack. (CVE-2016-4455)
Red Hat would like to thank Robert Scheck for reporting this issue.
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
See Also
Solution
Update the affected packages.
Risk Factor
Low
CVSS Base Score
1.7 (CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:N)
CVSS Temporal Score
1.4 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/04, Modification date: 2017/01/10
Ports
tcp/0
Remote package installed : python-rhsm-1.13.10-1.el7
Should be : python-rhsm-1.17.9-1.el7
Remote package installed : subscription-manager-1.13.22-1.el7
Should be : subscription-manager-1.17.15-1.el7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
12634 - Authenticated Check : OS Name and Installed Package Enumeration
Synopsis
This plugin gathers information about the remote host via an authenticated session.
Description
This plugin logs into the remote host using SSH, RSH, RLOGIN, Telnet, or local commands and extracts the list of installed packages. If using SSH, the scan should be configured with a valid SSH public key and possibly an SSH passphrase (if the SSH public key is protected by a passphrase).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/07/06, Modification date: 2017/04/10
Ports
tcp/0
It was possible to log into the remote host using the supplied password.
The output of "uname -a" is :
Linux bldas02 3.10.0-327.10.1.el7.x86_64 #1 SMP Sat Jan 23 04:54:55 EST 2016 x86_64 x86_64 x86_64 GNU/Linux
The remote Red Hat system is :
Red Hat Enterprise Linux Server release 7.1 (Maipo)
Local security checks have been enabled for this host.
19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2017/02/24
Ports
tcp/0
Information about this scan :
Nessus version : 6.10.4
Plugin feed version : 201704110615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Credentialed Patch Audit
Scanner IP : 192.168.109.112
Port scanner(s) : netstat
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as 'root' via ssh
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2017/4/12 1:00 W. Europe Standard Time
Scan duration : 169 sec
66334 - Patch Report
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information:
Publication date: 2013/07/08, Modification date: 2017/03/14
Ports
tcp/0
You need to take the following 37 actions :

[ Oracle Database Multiple Vulnerabilities (January 2017 CPU) (96611) ]
+ Action to take : Apply the appropriate patch according to the January 2017 Oracle Critical Patch Update advisory.
+ Impact : Taking this action will resolve 93 different vulnerabilities (CVEs).

[ RHEL 5 / 6 / 7 : firefox (RHSA-2016:0373) (89774) ]
+ Action to take : Update the affected firefox and / or firefox-debuginfo packages.
+ Impact : Taking this action will resolve 26 different vulnerabilities (CVEs).

[ RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2017:0269) (97121) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 29 different vulnerabilities (CVEs).

[ RHEL 5 / 6 / 7 : nss and nss-util (RHSA-2016:2779) (94912) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 6 different vulnerabilities (CVEs).

[ RHEL 6 / 7 : ImageMagick (RHSA-2016:1237) (91642) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 12 different vulnerabilities (CVEs).

[ RHEL 6 / 7 : expat (RHSA-2016:2824) (95381) ]
+ Action to take : Update the affected packages.

[ RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2017:0180) (96693) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 31 different vulnerabilities (CVEs).

[ RHEL 6 / 7 : libgcrypt (RHSA-2016:2674) (94626) ]
+ Action to take : Update the affected libgcrypt, libgcrypt-debuginfo and / or libgcrypt-devel packages.

[ RHEL 6 / 7 : libssh2 (RHSA-2016:0428) (89820) ]
+ Action to take : Update the affected packages.

[ RHEL 6 / 7 : libtiff (RHSA-2017:0225) (96948) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 27 different vulnerabilities (CVEs).

[ RHEL 6 / 7 : libxml2 (RHSA-2016:1292) (91802) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 14 different vulnerabilities (CVEs).

[ RHEL 6 / 7 : ntp (RHSA-2017:0252) (97011) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 24 different vulnerabilities (CVEs).

[ RHEL 6 / 7 : openssl (RHSA-2017:0286) (97294) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 18 different vulnerabilities (CVEs).

[ RHEL 6 / 7 : sudo (RHSA-2016:2872) (95600) ]
+ Action to take : Update the affected sudo, sudo-debuginfo and / or sudo-devel packages.
+ Impact : Taking this action will resolve 3 different vulnerabilities (CVEs).

[ RHEL 6 / 7 : vim (RHSA-2016:2972) (95983) ]
+ Action to take : Update the affected packages.

[ RHEL 7 : NetworkManager (RHSA-2016:2581) (94544) ]
+ Action to take : Update the affected packages.

[ RHEL 7 : bind (RHSA-2017:0276) (97200) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 8 different vulnerabilities (CVEs).

[ RHEL 7 : curl (RHSA-2016:2575) (94538) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 3 different vulnerabilities (CVEs).

[ RHEL 7 : dhcp (RHSA-2016:2590) (94553) ]
+ Action to take : Update the affected packages.

[ RHEL 7 : fontconfig (RHSA-2016:2601) (94564) ]
+ Action to take : Update the affected packages.

[ RHEL 7 : ghostscript (RHSA-2017:0013) (96308) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 5 different vulnerabilities (CVEs).

[ RHEL 7 : glibc (RHSA-2016:2573) (94536) ]
+ Action to take : Update the affected packages.

[ RHEL 7 : graphite2 (RHSA-2016:0594) (90387) ]
+ Action to take : Update the affected graphite2, graphite2-debuginfo and / or graphite2-devel packages.
+ Impact : Taking this action will resolve 4 different vulnerabilities (CVEs).

[ RHEL 7 : kernel (RHSA-2017:0386) (97509) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 48 different vulnerabilities (CVEs).

[ RHEL 7 : krb5 (RHSA-2016:2591) (94554) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 5 different vulnerabilities (CVEs).

[ RHEL 7 : libndp (RHSA-2016:1086) (91214) ]
+ Action to take : Update the affected libndp, libndp-debuginfo and / or libndp-devel packages.

[ RHEL 7 : mariadb (RHSA-2016:2595) (94558) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 51 different vulnerabilities (CVEs).

[ RHEL 7 : nettle (RHSA-2016:2582) (94545) ]
+ Action to take : Update the affected nettle, nettle-debuginfo and / or nettle-devel packages.
+ Impact : Taking this action will resolve 4 different vulnerabilities (CVEs).

[ RHEL 7 : openssh (RHSA-2016:2588) (94551) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 3 different vulnerabilities (CVEs).

[ RHEL 7 : pcre (RHSA-2016:1025) (91078) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 8 different vulnerabilities (CVEs).

[ RHEL 7 : policycoreutils (RHSA-2017:0536) (97769) ]
+ Action to take : Update the affected packages.

[ RHEL 7 : python (RHSA-2016:2586) (94549) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 2 different vulnerabilities (CVEs).

[ RHEL 7 : samba (RHSA-2016:1486) (92579) ]
+ Action to take : Update the affected packages.
+ Impact : Taking this action will resolve 10 different vulnerabilities (CVEs).

[ RHEL 7 : subscription-manager (RHSA-2016:2592) (94555) ]
+ Action to take : Update the affected packages.

[ RHEL 7 : systemd (RHSA-2016:2610) (94603) ]
+ Action to take : Update the affected packages.

[ RHEL 7 : util-linux (RHSA-2016:2605) (94568) ]
+ Action to take : Update the affected packages.

[ RHEL 7 : wget (RHSA-2016:2587) (94550) ]
+ Action to take : Update the affected wget and / or wget-debuginfo packages.
71644 - Oracle Database Patch Info (credentialed check)
Synopsis
It was possible to gather Oracle Database patch information with the supplied credentials.
Description
It was possible to gather Oracle Database patch information with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/12/27, Modification date: 2017/03/31
Ports
tcp/0
Nessus was able to determine the following patch information for the remote Oracle Database server :
Oracle SID(s) : his1
Oracle home : /clu_fs/his/oracle/product/12.1
Patch : 21948354
Unique Patch ID : 19553095
Patch Description : Database Patch Set Update : 12.1.0.2.160119 (21948354)
Patch : 21359755
Unique Patch ID : 19194568
Patch Description : Database Patch Set Update : 12.1.0.2.5 (21359755)
Patch : 20299023
Unique Patch ID : 18703022
Patch Description : Database Patch Set Update : 12.1.0.2.3 (20299023)
Patch : 20831110
Unique Patch ID : 18977826
Patch Description : Database Patch Set Update : 12.1.0.2.4 (20831110)
Patch : 20406840
Unique Patch ID : 19704085
Patch : 19769480
Unique Patch ID : 18350083
Patch Description : Database Patch Set Update : 12.1.0.2.2 (19769480)
------------------------------ snip ------------------------------
22/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/22
Port 22/tcp was found to be open
88/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/88
Port 88/tcp was found to be open
111/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/111
Port 111/udp was found to be open
161/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/161
Port 161/udp was found to be open
389/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/389
Port 389/tcp was found to be open
749/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/749
Port 749/tcp was found to be open
1013/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/1013
Port 1013/udp was found to be open
2233/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/2233
Port 2233/tcp was found to be open
2241/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/2241
Port 2241/tcp was found to be open
2242/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/2242
Port 2242/tcp was found to be open
51426/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/51426
Port 51426/tcp was found to be open
57987/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/57987
Port 57987/udp was found to be open
192.168.109.23
Scan Information
| Start time: | Wed Apr 12 01:01:04 2017 |
| End time: | Wed Apr 12 01:14:20 2017 |
Host Information
| DNS Name: | bldde01 |
| Netbios Name: | BLDDE01 |
| IP: | 192.168.109.23 |
| MAC Address: | 00:0C:29:B6:23:1D |
| OS: | Microsoft Windows Server 2012 R2 Standard |
Results Summary
| Critical | High | Medium | Low | Info | Total |
| 5 | 90 | 15 | 3 | 145 | 258 |
Results Details
0/tcp
96453 - Adobe Reader < 11.0.19 / 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01)
Synopsis
The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe Reader installed on the remote Windows host is prior to 11.0.19, 15.006.30279, or 15.023.20053. It is, therefore, affected by multiple vulnerabilities :
- Multiple memory corruption issues exist due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2943, CVE-2017-2944, CVE-2017-2953, CVE-2017-2954)
- Multiple heap buffer overflow conditions exist due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2017-2942, CVE-2017-2945, CVE-2017-2959)
- A heap buffer overflow condition exists when handling JPEG2000 images due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2946)
- An unspecified security bypass vulnerability exists that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2017-2947)
- Multiple overflow conditions exist due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2017-2948, CVE-2017-2952)
- A heap buffer overflow condition exists when handling the XSLT element-available() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-2949)
- Multiple use-after-free memory errors exist when handling XFA subform layouts, hyphenation objects, field font sizes, and template objects. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2017-2950, CVE-2017-2951, CVE-2017-2961, CVE-2017-2967)
- Multiple use-after-free memory errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958)
- Multiple memory corruption issues exist when handling JPEG and TIFF files due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2017-2960, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965)
- A type confusion error exists when handling the XSLT lang() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-2962)
- A heap buffer overflow condition exists in the ImageConversion component when handling TIFF images() due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2966)
- A buffer overflow condition exists in the JPEG2000 parser due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-3009)
- A memory corruption issue exists in the Rendering engine due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-3010)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Adobe Reader version 11.0.19 / 15.006.30279 / 15.023.20053 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
Plugin Information:
Publication date: 2017/01/12, Modification date: 2017/04/03
Ports
tcp/0
Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader
Installed version : 15.20.20039.203716
Fixed version : 11.0.19 / 15.006.30279 / 15.023.20053
10897 - Microsoft Windows - Users Information : Disabled Accounts
Synopsis
At least one user account has been disabled.
Description
Using the supplied credentials, Nessus was able to list user accounts that have been disabled.
Solution
Delete accounts that are no longer needed.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/15, Modification date: 2017/01/26
Ports
tcp/0
The following user account has been disabled :
- Guest
Note that, in addition to the Administrator, Guest, and Kerberos accounts, Nessus has enumerated only those domain users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for 'SMB use domain SID to enumerate users' setting, and then re-run the scan.
10898 - Microsoft Windows - Users Information : Never Changed Password
Synopsis
At least one user has never changed his or her password.
Description
Using the supplied credentials, Nessus was able to list users who have never changed their passwords.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/15, Modification date: 2017/01/26
Ports
tcp/0
The following user has never changed his/her password :
- Guest
Note that, in addition to the Administrator, Guest, and Kerberos accounts, Nessus has enumerated only those domain users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for 'SMB use domain SID to enumerate users' setting, and then re-run the scan.
10899 - Microsoft Windows - Users Information : User Has Never Logged In
Synopsis
At least one user has never logged into his or her account.
Description
Using the supplied credentials, Nessus was able to list users who have never logged into their accounts.
Solution
Delete accounts that are not needed.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/15, Modification date: 2017/01/26
Ports
tcp/0
The following user has never logged in :
- Guest
Note that, in addition to the Administrator, Guest, and Kerberos accounts, Nessus has enumerated only those domain users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for 'SMB use domain SID to enumerate users' setting, and then re-run the scan.
10900 - Microsoft Windows - Users Information : Passwords Never Expire
Synopsis
At least one user has a password that never expires.
Description
Using the supplied credentials, Nessus was able to list users that are enabled and whose passwords never expire.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/15, Modification date: 2017/01/26
Ports
tcp/0
The following user has a password that never expires :
- Administrator
Note that, in addition to the Administrator, Guest, and Kerberos accounts, Nessus has enumerated only those domain users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for this plugin, then re-run the scan.
10913 - Microsoft Windows - Local Users Information : Disabled Accounts
Synopsis
At least one local user account has been disabled.
Description
Using the supplied credentials, Nessus was able to list local user accounts that have been disabled.
Solution
Delete accounts that are no longer needed.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/17, Modification date: 2017/01/26
Ports
tcp/0
The following local user account has been disabled :
- Guest
Note that, in addition to the Administrator and Guest accounts, Nessus has only checked for local users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate local users' setting, and then re-run the scan.
10914 - Microsoft Windows - Local Users Information : Never Changed Passwords
Synopsis
At least one local user has never changed his or her password.
Description
Using the supplied credentials, Nessus was able to list local users who have never changed their passwords.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/17, Modification date: 2017/01/26
Ports
tcp/0
The following local user has never changed his/her password :
- Guest
Note that, in addition to the Administrator and Guest accounts, Nessus has only checked for local users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate local users' setting, and then re-run the scan.
10915 - Microsoft Windows - Local Users Information : User Has Never Logged In
Synopsis
At least one local user has never logged into his or her account.
Description
Using the supplied credentials, Nessus was able to list local users who have never logged into their accounts.
Solution
Delete accounts that are not needed.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/17, Modification date: 2017/01/26
Ports
tcp/0
The following local user has never logged in :
- Guest
Note that, in addition to the Administrator and Guest accounts, Nessus has only checked for local users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate local users' setting, and then re-run the scan.
10916 - Microsoft Windows - Local Users Information : Passwords Never Expire
Synopsis
At least one local user has a password that never expires.
Description
Using the supplied credentials, Nessus was able to list local users that are enabled and whose passwords never expire.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/17, Modification date: 2017/01/26
Ports
tcp/0
The following local user has a password that never expires :
- Administrator
Note that, in addition to the Administrator and Guest accounts, Nessus has only checked for local users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for this plugin, then re-run the scan.
19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2017/02/24
Ports
tcp/0
Information about this scan :
Nessus version : 6.10.4
Plugin feed version : 201704110615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Credentialed Patch Audit
Scanner IP : 192.168.109.112
Port scanner(s) : wmi_netstat
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as '192.168.109.23\Administrator' via SMB
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2017/4/12 1:01 W. Europe Standard Time
Scan duration : 792 sec
24269 - Windows Management Instrumentation (WMI) Available
Synopsis
WMI queries can be made against the remote host.
Description
The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM. These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/02/03, Modification date: 2017/04/03
Ports
tcp/0
24270 - Computer Manufacturer Information (WMI)
Synopsis
It is possible to obtain the name of the remote computer manufacturer.
Description
By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/02/02, Modification date: 2017/04/03
Ports
tcp/0
Computer Manufacturer : VMware, Inc.
Computer Model : VMware Virtual Platform
Computer SerialNumber : VMware-56 4d 70 d9 c6 e0 3d ce-71 ee 90 2a e8 32 2a c0
Computer Type : Other
Computer Physical CPU's : 2
Computer Logical CPU's : 4
CPU0
  Architecture : x64
  Physical Cores: 2
  Logical Cores : 2
CPU1
  Architecture : x64
  Physical Cores: 2
  Logical Cores : 2
Computer Memory : 4095 MB
RAM slot #0
  Form Factor: DIMM
  Type : DRAM
  Capacity : 4096 MB
24272 - Network Interfaces Enumeration (WMI)
Synopsis
Nessus was able to obtain the list of network interfaces on the remote host.
Description
Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them. Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/02/03, Modification date: 2017/04/03
Ports
tcp/0
+ Network Interface Information :
- Network Interface = [00000015] vmxnet3 Ethernet Adapter
- MAC Address = 00:0C:29:B6:23:1D
- IPAddress/IPSubnet = 192.168.109.23/255.255.255.0
- IPAddress/IPSubnet = fe80::4480:51a2:c403:c332/64
+ Routing Information :
Destination       Netmask           Gateway
-----------       -------           -------
0.0.0.0           0.0.0.0           192.168.109.1
127.0.0.0         255.0.0.0         0.0.0.0
127.0.0.1         255.255.255.255   0.0.0.0
127.255.255.255   255.255.255.255   0.0.0.0
192.168.109.0     255.255.255.0     0.0.0.0
192.168.109.23    255.255.255.255   0.0.0.0
192.168.109.255   255.255.255.255   0.0.0.0
224.0.0.0         240.0.0.0         0.0.0.0
224.0.0.0         240.0.0.0         0.0.0.0
255.255.255.255   255.255.255.255   0.0.0.0
255.255.255.255   255.255.255.255   0.0.0.0
27524 - Microsoft Office Detection
Synopsis
The remote Windows host contains an office suite.
Description
Microsoft Office is installed on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/10/23, Modification date: 2017/03/15
Ports
tcp/0
The remote host has the following Microsoft Office 2016 Service Pack 0 components installed :
- Word : 16.0.4266.1001
- Excel : 16.0.4266.1001
- PowerPoint : 16.0.4266.1001
Office 2016 Click-to-Run update channel : Current
Office 2016 Click-to-Run version : unknown
Office 2016 Click-to-Run build : 4266.1001
34096 - BIOS Version (WMI)
Synopsis
The BIOS version could be read.
Description
It is possible to get information about the BIOS vendor and its version via the host's WMI interface.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/05, Modification date: 2017/04/03
Ports
tcp/0
Vendor : Phoenix Technologies LTD
Version : 6.00
Release date : 20140930000000.000000+000
UUID : D9704D56-E0C6-CE3D-71EE-902AE8322AC0
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/0
38153 - Microsoft Windows Summary of Missing Patches
Synopsis
The remote host is missing several Microsoft security patches.
Description
This plugin summarizes updates for Microsoft Security Bulletins that have not been installed on the remote Windows host based on the results of either a credentialed check using the supplied credentials or a check done using a supported third-party patch management tool. Review the summary and apply any missing updates in order to be up-to-date.
Solution
Run Windows Update on the remote host or use a patch management solution.
Risk Factor
None
Plugin Information:
Publication date: 2009/04/24, Modification date: 2013/02/04
Ports
tcp/0
The patches for the following bulletins are missing on the remote host :
- MS11-025 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-025 )
- MS15-116 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-116 )
- MS15-123 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-123 )
- MS15-124 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-124 )
- MS15-128 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-128 )
- MS15-131 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-131 )
- MS16-004 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-004 )
- MS16-015 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-015 )
- MS16-029 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-029 )
- MS16-037 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-037 )
- MS16-039 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-039 )
- MS16-040 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-040 )
- MS16-042 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-042 )
- MS16-044 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-044 )
- MS16-047 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-047 )
- MS16-048 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-048 )
- MS16-051 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-051 )
- MS16-054 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-054 )
- MS16-055 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-055 )
- MS16-057 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-057 )
- MS16-060 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-060 )
- MS16-061 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-061 )
- MS16-062 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-062 )
- MS16-063 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-063 )
- MS16-065 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-065 )
- MS16-067 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-067 )
- MS16-070 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-070 )
- MS16-072 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-072 )
- MS16-073 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-073 )
- MS16-074 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-074 )
- MS16-075 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-075 )
- MS16-076 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-076 )
- MS16-077 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-077 )
- MS16-080 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-080 )
- MS16-082 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-082 )
- MS16-084 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-084 )
- MS16-087 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-087 )
- MS16-088 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-088 )
- MS16-090 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-090 )
- MS16-091 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-091 )
- MS16-092 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-092 )
- MS16-094 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-094 )
- MS16-095 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-095 )
- MS16-097 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-097 )
- MS16-098 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-098 )
- MS16-099 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-099 )
- MS16-100 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-100 )
- MS16-101 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-101 )
- MS16-102 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-102 )
- MS16-104 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-104 )
- MS16-106 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-106 )
- MS16-107 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-107 )
- MS16-111 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-111 )
- MS16-112 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-112 )
- MS16-114 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-114 )
- MS16-115 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-115 )
- MS16-116 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-116 )
- MS16-118 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-118 )
- MS16-120 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-120 )
- MS16-121 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-121 )
- MS16-123 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-123 )
- MS16-124 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-124 )
- MS16-130 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-130 )
- MS16-132 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-132 )
- MS16-133 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-133 )
- MS16-134 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-134 )
- MS16-135 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-135 )
- MS16-137 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-137 )
- MS16-138 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-138 )
- MS16-140 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-140 )
- MS16-142 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-142 )
- MS16-144 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-144 )
- MS16-146 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-146 )
- MS16-147 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-147 )
- MS16-148 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-148 )
- MS16-149 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-149 )
- MS16-151 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-151 )
- MS16-153 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-153 )
- MS17-002 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-002 )
- MS17-006 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-006 )
- MS17-009 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-009 )
- MS17-010 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-010 )
- MS17-011 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-011 )
- MS17-012 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-012 )
- MS17-013 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-013 )
- MS17-014 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-014 )
- MS17-016 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-016 )
- MS17-017 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-017 )
- MS17-018 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-018 )
- MS17-021 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-021 )
- MS17-022 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-022 )
44871 - WMI Windows Feature Enumeration
Synopsis
It is possible to enumerate Windows features using WMI.
Description
Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions. Note that Features can only be enumerated for Windows 7 and later for desktop versions.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/02/24, Modification date: 2017/04/03
Ports
tcp/0
Nessus enumerated the following Windows features :
- .NET Framework 3.5 (includes .NET 2.0 and 3.0)
- .NET Framework 3.5 Features
- .NET Framework 4.5
- .NET Framework 4.5 Features
- AD DS and AD LDS Tools
- Active Directory module for Windows PowerShell
- File Server
- File and Storage Services
- File and iSCSI Services
- Graphical Management Tools and Infrastructure
- Remote Server Administration Tools
- Role Administration Tools
- SMB 1.0/CIFS File Sharing Support
- Server Graphical Shell
- Storage Services
- TCP Port Sharing
- User Interfaces and Infrastructure
- WCF Services
- Windows PowerShell
- Windows PowerShell 2.0 Engine
- Windows PowerShell 4.0
- Windows PowerShell ISE
- WoW64 Support
48337 - Windows ComputerSystemProduct Enumeration (WMI)
Synopsis
It is possible to obtain product information from the remote host using WMI.
Description
By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/08/16, Modification date: 2017/04/03
Ports
tcp/0
+ Computer System Product
- IdentifyingNumber : VMware-56 4d 70 d9 c6 e0 3d ce-71 ee 90 2a e8 32 2a c0
- Description : Computer System Product
- Vendor : VMware, Inc.
- Name : VMware Virtual Platform
- UUID : D9704D56-E0C6-CE3D-71EE-902AE8322AC0
- Version : None
52001 - WMI QuickFixEngineering (QFE) Enumeration
Synopsis
The remote Windows host has quick-fix engineering updates installed.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via WMI.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/02/16, Modification date: 2017/04/03
Ports
tcp/0
Here is a list of quick-fix engineering updates installed on the remote system : + KB2959936 - Description : Update - InstalledOn : 11/21/2014 + KB2894852 - Description : Security Update - InstalledOn : 4/8/2016 + KB2894856 - Description : Security Update - InstalledOn : 4/8/2016 + KB2896496 - Description : Update - InstalledOn : 11/21/2014 + KB2919355 - Description : Update - InstalledOn : 11/21/2014 + KB2920189 - Description : Security Update - InstalledOn : 11/21/2014 + KB2928120 - Description : Security Update - InstalledOn : 11/21/2014 + KB2931358 - Description : Security Update - InstalledOn : 11/21/2014 + KB2931366 - Description : Security Update - InstalledOn : 11/21/2014 + KB2933826 - Description : Security Update - InstalledOn : 11/21/2014 + KB2938772 - Description : Update - InstalledOn : 11/21/2014 + KB2949621 - Description : Hotfix - InstalledOn : 11/21/2014 + KB2954879 - Description : Update - InstalledOn : 11/21/2014 + KB2958262 - Description : Update - InstalledOn : 11/21/2014 + KB2958263 - Description : Update - InstalledOn : 11/21/2014 + KB2961072 - Description : Security Update - InstalledOn : 11/21/2014 + KB2965500 - Description : Update - InstalledOn : 11/21/2014 + KB2966407 - Description : Update - InstalledOn : 11/21/2014 + KB2966826 - Description : Security Update - InstalledOn : 4/8/2016 + KB2966828 - Description : Security Update - InstalledOn : 4/8/2016 + KB2967917 - Description : Update - InstalledOn : 11/21/2014 + KB2968296 - Description : Security Update - InstalledOn : 4/8/2016 + KB2971203 - Description : Update - InstalledOn : 11/21/2014 + KB2971850 - Description : Security Update - InstalledOn : 11/21/2014 + KB2972103 - Description : Security Update - InstalledOn : 4/8/2016 + KB2972213 - Description : Security Update - InstalledOn : 4/8/2016 + KB2973114 - Description : Security Update - InstalledOn : 4/8/2016 + KB2973351 - Description : Security Update - InstalledOn : 11/21/2014 + KB2973448 - Description : Update - InstalledOn : 
11/21/2014 + KB2975061 - Description : Update - InstalledOn : 11/21/2014 + KB2976627 - Description : Security Update - InstalledOn : 11/21/2014 + KB2977629 - Description : Security Update - InstalledOn : 11/21/2014 + KB2977765 - Description : Security Update - InstalledOn : 4/8/2016 + KB2978041 - Description : Security Update - InstalledOn : 4/8/2016 + KB2978122 - Description : Security Update - InstalledOn : 4/8/2016 + KB2978126 - Description : Security Update - InstalledOn : 4/8/2016 + KB2981580 - Description : Update - InstalledOn : 11/21/2014 + KB2987107 - Description : Security Update - InstalledOn : 11/21/2014 + KB2989647 - Description : Update - InstalledOn : 11/21/2014 + KB2998527 - Description : Update - InstalledOn : 11/21/2014 + KB2999226 - Description : Update - InstalledOn : 4/8/2016 + KB3000483 - Description : Security Update - InstalledOn : 4/8/2016 + KB3000850 - Description : Update - InstalledOn : 11/21/2014 + KB3003057 - Description : Security Update - InstalledOn : 11/21/2014 + KB3004361 - Description : Security Update - InstalledOn : 4/8/2016 + KB3004365 - Description : Security Update - InstalledOn : 4/8/2016 + KB3008242 - Description : Update - InstalledOn : 4/8/2016 + KB3011780 - Description : Security Update - InstalledOn : 4/8/2016 + KB3014442 - Description : Update - InstalledOn : 11/21/2014 + KB3019978 - Description : Security Update - InstalledOn : 4/8/2016 + KB3021674 - Description : Security Update - InstalledOn : 4/8/2016 + KB3021910 - Description : Update - InstalledOn : 4/8/2016 + KB3022777 - Description : Security Update - InstalledOn : 4/8/2016 + KB3023219 - Description : Security Update - InstalledOn : 4/8/2016 + KB3023222 - Description : Security Update - InstalledOn : 4/8/2016 + KB3023266 - Description : Security Update - InstalledOn : 4/8/2016 + KB3030377 - Description : Security Update - InstalledOn : 4/8/2016 + KB3031044 - Description : Update - InstalledOn : 4/8/2016 + KB3032663 - Description : Security Update - InstalledOn 
: 4/8/2016 + KB3033889 - Description : Security Update - InstalledOn : 4/8/2016 + KB3034348 - Description : Update - InstalledOn : 4/8/2016 + KB3035126 - Description : Security Update - InstalledOn : 4/8/2016 + KB3035132 - Description : Security Update - InstalledOn : 4/8/2016 + KB3037576 - Description : Security Update - InstalledOn : 4/8/2016 + KB3037579 - Description : Security Update - InstalledOn : 4/8/2016 + KB3042058 - Description : Security Update - InstalledOn : 4/11/2016 + KB3042085 - Description : Update - InstalledOn : 4/8/2016 + KB3042553 - Description : Security Update - InstalledOn : 4/8/2016 + KB3044374 - Description : Update - InstalledOn : 4/8/2016 + KB3045685 - Description : Security Update - InstalledOn : 4/8/2016 + KB3045755 - Description : Security Update - InstalledOn : 4/8/2016 + KB3045999 - Description : Security Update - InstalledOn : 4/8/2016 + KB3046017 - Description : Security Update - InstalledOn : 4/8/2016 + KB3046359 - Description : Security Update - InstalledOn : 4/8/2016 + KB3055642 - Description : Security Update - InstalledOn : 4/8/2016 + KB3059317 - Description : Security Update - InstalledOn : 4/8/2016 + KB3060716 - Description : Security Update - InstalledOn : 4/8/2016 + KB3061512 - Description : Security Update - InstalledOn : 4/8/2016 + KB3067505 - Description : Security Update - InstalledOn : 4/8/2016 + KB3068457 - Description : Security Update - InstalledOn : 4/8/2016 + KB3071756 - Description : Security Update - InstalledOn : 4/8/2016 + KB3072307 - Description : Security Update - InstalledOn : 4/8/2016 + KB3072595 - Description : Security Update - InstalledOn : 4/8/2016 + KB3072630 - Description : Security Update - InstalledOn : 4/8/2016 + KB3074228 - Description : Security Update - InstalledOn : 4/8/2016 + KB3074545 - Description : Security Update - InstalledOn : 4/8/2016 + KB3074548 - Description : Security Update - InstalledOn : 4/8/2016 + KB3075220 - Description : Security Update - InstalledOn : 4/8/2016 + KB3076895 - 
Description : Security Update - InstalledOn : 4/8/2016 + KB3077715 - Description : Update - InstalledOn : 4/8/2016 + KB3078601 - Description : Security Update - InstalledOn : 4/8/2016 + KB3080446 - Description : Security Update - InstalledOn : 4/8/2016 + KB3081320 - Description : Security Update - InstalledOn : 4/8/2016 + KB3082089 - Description : Security Update - InstalledOn : 4/8/2016 + KB3083992 - Description : Security Update - InstalledOn : 4/8/2016 + KB3084135 - Description : Security Update - InstalledOn : 4/8/2016 + KB3086255 - Description : Security Update - InstalledOn : 4/8/2016 + KB3087039 - Description : Security Update - InstalledOn : 4/8/2016 + KB3087088 - Description : Security Update - InstalledOn : 4/8/2016 + KB3088195 - Description : Security Update - InstalledOn : 4/8/2016 + KB3092601 - Description : Security Update - InstalledOn : 4/8/2016 + KB3097966 - Description : Security Update - InstalledOn : 4/8/2016 + KB3097992 - Description : Security Update - InstalledOn : 4/8/2016 + KB3097997 - Description : Security Update - InstalledOn : 4/8/2016 + KB3098779 - Description : Security Update - InstalledOn : 4/8/2016 + KB3098785 - Description : Security Update - InstalledOn : 4/11/2016 + KB3102467 - Description : Update - InstalledOn : 4/8/2016 + KB3102939 - Description : Security Update - InstalledOn : 4/8/2016 + KB3108347 - Description : Security Update - InstalledOn : 4/8/2016 + KB3108381 - Description : Security Update - InstalledOn : 4/8/2016 + KB3109094 - Description : Security Update - InstalledOn : 4/8/2016 + KB3109103 - Description : Security Update - InstalledOn : 4/8/2016 + KB3109853 - Description : Security Update - InstalledOn : 4/8/2016 + KB3110329 - Description : Security Update - InstalledOn : 4/8/2016 + KB3121918 - Description : Security Update - InstalledOn : 4/8/2016 + KB3122651 - Description : Security Update - InstalledOn : 4/8/2016 + KB3122660 - Description : Security Update - InstalledOn : 4/11/2016 + KB3123479 - Description : 
Security Update - InstalledOn : 4/8/2016 + KB3124001 - Description : Security Update - InstalledOn : 4/8/2016 + KB3126041 - Description : Security Update - InstalledOn : 4/8/2016 + KB3126434 - Description : Security Update - InstalledOn : 4/8/2016 + KB3126446 - Description : Security Update - InstalledOn : 4/8/2016 + KB3126587 - Description : Security Update - InstalledOn : 4/8/2016 + KB3126593 - Description : Security Update - InstalledOn : 4/8/2016 + KB3127222 - Description : Security Update - InstalledOn : 4/8/2016 + KB3127231 - Description : Security Update - InstalledOn : 4/11/2016 + KB3133043 - Description : Security Update - InstalledOn : 4/8/2016 + KB3134222 - Description : Security Update - InstalledOn : 4/8/2016 + KB3135985 - Description : Security Update - InstalledOn : 4/8/2016 + KB3135991 - Description : Security Update - InstalledOn : 4/8/2016 + KB3135998 - Description : Security Update - InstalledOn : 4/11/2016 + KB3137513 - Description : Security Update - InstalledOn : 4/8/2016 + KB3138615 - Description : Update - InstalledOn : 4/8/2016 + KB3139398 - Description : Security Update - InstalledOn : 4/8/2016 + KB3139852 - Description : Security Update - InstalledOn : 4/8/2016 + KB3139914 - Description : Security Update - InstalledOn : 4/8/2016 + KB3139929 - Description : Security Update - InstalledOn : 4/8/2016 + KB3139940 - Description : Security Update - InstalledOn : 4/8/2016 + KB3140735 - Description : Security Update - InstalledOn : 4/8/2016 Note that for detailed information on installed QFE's such as InstalledBy, Caption, and so on, please run the scan with 'Report Verbosity' set to 'verbose'.

57364 - PuTTY Detection
Synopsis
A Telnet / SSH client is installed on the remote host.
Description
The remote host has an installation of PuTTY, which is a suite of tools for remote console access and file transfer.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/12/21, Modification date: 2015/03/06
Ports
tcp/0
Path : C:\Program Files (x86)\PuTTY
Version : 0.67.0.0
VersionNumber : 0.67.0.0

62042 - SMB QuickFixEngineering (QFE) Enumeration
Synopsis
The remote host has quick-fix engineering updates installed.
Description
By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2012/09/11, Modification date: 2013/03/28
Ports
tcp/0
Here is a list of quick-fix engineering updates installed on the remote system : KB2894852, Installed on: 2016/04/08 KB2894856, Installed on: 2016/04/08 KB2896496, Installed on: 2014/11/21 KB2919355, Installed on: 2014/11/21 KB2920189, Installed on: 2014/11/21 KB2928120, Installed on: 2014/11/21 KB2931358, Installed on: 2014/11/21 KB2931366, Installed on: 2014/11/21 KB2932046, Installed on: 2014/11/21 KB2933826, Installed on: 2014/11/21 KB2934018 KB2937592, Installed on: 2014/11/21 KB2938439, Installed on: 2014/11/21 KB2938772, Installed on: 2014/11/21 KB2949621, Installed on: 2014/11/21 KB2954879, Installed on: 2014/11/21 KB2958262, Installed on: 2014/11/21 KB2958263, Installed on: 2014/11/21 KB2961072, Installed on: 2014/11/21 KB2965500, Installed on: 2014/11/21 KB2966407, Installed on: 2014/11/21 KB2966826, Installed on: 2016/04/08 KB2966828, Installed on: 2016/04/08 KB2967917, Installed on: 2014/11/21 KB2968296, Installed on: 2016/04/08 KB2971203 KB2971850, Installed on: 2014/11/21 KB2972103, Installed on: 2016/04/08 KB2972213, Installed on: 2016/04/08 KB2972280 KB2973114, Installed on: 2016/04/08 KB2973351, Installed on: 2014/11/21 KB2973448, Installed on: 2014/11/21 KB2974008 KB2975061, Installed on: 2014/11/21 KB2976627, Installed on: 2014/11/21 KB2977629, Installed on: 2014/11/21 KB2977765, Installed on: 2016/04/08 KB2978041, Installed on: 2016/04/08 KB2978122, Installed on: 2016/04/08 KB2978126, Installed on: 2016/04/08 KB2981580, Installed on: 2014/11/21 KB2982794 KB2987107, Installed on: 2014/11/21 KB2987114 KB2989647, Installed on: 2014/11/21 KB2998527, Installed on: 2014/11/21 KB2999226, Installed on: 2016/04/08 KB3000483, Installed on: 2016/04/08 KB3000850, Installed on: 2014/11/21 KB3001237 KB3003057, Installed on: 2014/11/21 KB3004361, Installed on: 2016/04/08 KB3004365, Installed on: 2016/04/08 KB3008242, Installed on: 2016/04/08 KB3011780, Installed on: 2016/04/08 KB3014442, Installed on: 2014/11/21 KB3016437 KB3019978, Installed on: 2016/04/08 
KB3021674, Installed on: 2016/04/08 KB3021910, Installed on: 2016/04/08 KB3022777, Installed on: 2016/04/08 KB3023219, Installed on: 2016/04/08 KB3023222, Installed on: 2016/04/08 KB3023266, Installed on: 2016/04/08 KB3030377, Installed on: 2016/04/08 KB3031044, Installed on: 2016/04/08 KB3032663, Installed on: 2016/04/08 KB3033889, Installed on: 2016/04/08 KB3034348, Installed on: 2016/04/08 KB3035126, Installed on: 2016/04/08 KB3035132, Installed on: 2016/04/08 KB3037576, Installed on: 2016/04/08 KB3037579, Installed on: 2016/04/08 KB3042058, Installed on: 2016/04/11 KB3042085, Installed on: 2016/04/08 KB3042553, Installed on: 2016/04/08 KB3044374, Installed on: 2016/04/08 KB3045685, Installed on: 2016/04/08 KB3045755, Installed on: 2016/04/08 KB3045999, Installed on: 2016/04/08 KB3046017, Installed on: 2016/04/08 KB3046359, Installed on: 2016/04/08 KB3055642, Installed on: 2016/04/08 KB3059317, Installed on: 2016/04/08 KB3060716, Installed on: 2016/04/08 KB3061512, Installed on: 2016/04/08 KB3067505, Installed on: 2016/04/08 KB3068457, Installed on: 2016/04/08 KB3071756, Installed on: 2016/04/08 KB3072307, Installed on: 2016/04/08 KB3072595, Installed on: 2016/04/08 KB3072630, Installed on: 2016/04/08 KB3074228, Installed on: 2016/04/08 KB3074545, Installed on: 2016/04/08 KB3074548, Installed on: 2016/04/08 KB3075220, Installed on: 2016/04/08 KB3076895, Installed on: 2016/04/08 KB3077715, Installed on: 2016/04/08 KB3078601, Installed on: 2016/04/08 KB3080446, Installed on: 2016/04/08 KB3081320, Installed on: 2016/04/08 KB3082089, Installed on: 2016/04/08 KB3083992, Installed on: 2016/04/08 KB3084135, Installed on: 2016/04/08 KB3086255, Installed on: 2016/04/08 KB3087039, Installed on: 2016/04/08 KB3087088, Installed on: 2016/04/08 KB3088195, Installed on: 2016/04/08 KB3092601, Installed on: 2016/04/08 KB3097966, Installed on: 2016/04/08 KB3097992, Installed on: 2016/04/08 KB3097997, Installed on: 2016/04/08 KB3098779, Installed on: 2016/04/08 KB3098785, 
Installed on: 2016/04/11 KB3102467, Installed on: 2016/04/08 KB3102939, Installed on: 2016/04/08 KB3108347, Installed on: 2016/04/08 KB3108381, Installed on: 2016/04/08 KB3109094, Installed on: 2016/04/08 KB3109103, Installed on: 2016/04/08 KB3109853, Installed on: 2016/04/08 KB3110329 KB3121918, Installed on: 2016/04/08 KB3122651, Installed on: 2016/04/08 KB3122660, Installed on: 2016/04/11 KB3123479, Installed on: 2016/04/08 KB3124001, Installed on: 2016/04/08 KB3126041, Installed on: 2016/04/08 KB3126434, Installed on: 2016/04/08 KB3126446, Installed on: 2016/04/08 KB3126587, Installed on: 2016/04/08 KB3126593, Installed on: 2016/04/08 KB3127222, Installed on: 2016/04/08 KB3127231, Installed on: 2016/04/11 KB3133043, Installed on: 2016/04/08 KB3134222, Installed on: 2016/04/08 KB3135985, Installed on: 2016/04/08 KB3135991, Installed on: 2016/04/08 KB3135998, Installed on: 2016/04/11 KB3137513, Installed on: 2016/04/08 KB3138615, Installed on: 2016/04/08 KB3139398, Installed on: 2016/04/08 KB3139852, Installed on: 2016/04/08 KB3139914, Installed on: 2016/04/08 KB3139929, Installed on: 2016/04/08 KB3139940, Installed on: 2016/04/08 KB3140735, Installed on: 2016/04/08

66334 - Patch Report
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information:
Publication date: 2013/07/08, Modification date: 2017/03/14
Ports
tcp/0

. Microsoft Operating System Patches :

+ To patch the remote system, you need to install the following Microsoft patches :

- KB4012213 (MS17-022) (3 vulnerabilities)
- KB4012216 (MS17-022) (3 vulnerabilities)
- KB4012213 (MS17-021)
- KB4012216 (MS17-021)
- KB4012213 (MS17-018)
- KB4012216 (MS17-018)
- KB4012213 (MS17-017) (2 vulnerabilities)
- KB4012216 (MS17-017) (2 vulnerabilities)
- KB4012213 (MS17-016)
- KB4012216 (MS17-016)
- KB4012213 (MS17-013) (16 vulnerabilities)
- KB4012216 (MS17-013) (16 vulnerabilities)
- KB4012213 (MS17-012)
- KB4012216 (MS17-012)
- KB4012213 (MS17-011) (2 vulnerabilities)
- KB4012216 (MS17-011) (2 vulnerabilities)
- KB4012213 (MS17-010)
- KB4012216 (MS17-010)
- KB4012213 (MS17-009)
- KB4012216 (MS17-009)
- KB4012204 (MS17-006) (4 vulnerabilities)
- KB4012216 (MS17-006) (4 vulnerabilities)
- KB3205400 (MS16-153) (2 vulnerabilities)
- KB3205401 (MS16-153) (2 vulnerabilities)
- KB3205400 (MS16-149) (4 vulnerabilities)
- KB3205401 (MS16-149) (4 vulnerabilities)
- KB3197873 (MS16-142) (4 vulnerabilities)
- KB3197874 (MS16-142) (4 vulnerabilities)
- KB3197873 (MS16-140)
- KB3197874 (MS16-140)
- KB3197873 (MS16-138)
- KB3197874 (MS16-138)
- KB3197873 (MS16-132) (4 vulnerabilities)
- KB3197874 (MS16-132) (4 vulnerabilities)
- KB3197873 (MS16-130) (3 vulnerabilities)
- KB3197874 (MS16-130) (3 vulnerabilities)
- KB3185331 (MS16-124) (2 vulnerabilities)
- KB3192392 (MS16-124) (2 vulnerabilities)
- KB3185331 (MS16-123) (2 vulnerabilities)
- KB3192392 (MS16-123) (2 vulnerabilities)
- KB3184943 (MS16-115) (1 vulnerabilities)
- KB3178539 (MS16-112)
- KB3185911 (MS16-106) (11 vulnerabilities)
- KB3172729 (MS16-100)
- KB3172727 (MS16-094)
- KB3163247 (MS16-091)
- KB3164024 (MS16-091)
- KB3170455 (MS16-087) (1 vulnerabilities)
- KB3161958 (MS16-082)
- KB3157569 (MS16-080) (1 vulnerabilities)
- KB3161949 (MS16-077)
- KB3162343 (MS16-076) (1 vulnerabilities)
- KB3161561 (MS16-075) (1 vulnerabilities)
- KB3159398 (MS16-072)
- KB3155784 (MS16-067)
- KB3142026 (MS16-065) (2 vulnerabilities)
- KB3142036 (MS16-065) (2 vulnerabilities)
- KB3153704 (MS16-061) (1 vulnerabilities)
- KB3156059 (MS16-057)
- KB3146723 (MS16-048) (1 vulnerabilities)
- KB3149090 (MS16-047) (1 vulnerabilities)
- KB3146706 (MS16-044) (1 vulnerabilities)
- KB2538243 (MS11-025) (2 vulnerabilities)
- KB2565063 (MS11-025) (2 vulnerabilities)

. You need to take the following 3 actions :

[ Adobe Reader < 11.0.19 / 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01) (96453) ]

+ Action to take : Upgrade to Adobe Reader version 11.0.19 / 15.006.30279 / 15.023.20053 or later.

+Impact : Taking this action will resolve 31 different vulnerabilities (CVEs).

[ Oracle Database Multiple Vulnerabilities (January 2017 CPU) (96611) ]

+ Action to take : Apply the appropriate patch according to the January 2017 Oracle Critical Patch Update advisory.

+Impact : Taking this action will resolve 60 different vulnerabilities (CVEs).

[ Oracle Java SE Multiple Vulnerabilities (January 2017 CPU) (SWEET32) (96628) ]

+ Action to take : Upgrade to Oracle JDK / JRE 8 Update 121 / 7 Update 131 / 6 Update 141 or later. If necessary, remove any affected versions. Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.

+Impact : Taking this action will resolve 30 different vulnerabilities (CVEs).

70329 - Microsoft Windows Process Information
Synopsis
Use WMI to obtain running process information.
Description
Report details on the running processes on the machine. This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/10/08, Modification date: 2017/04/03
Ports
tcp/0
Process Overview : SID: Process (PID) 0 : System Idle Process (0) 0 : |- System (4) 0 : |- smss.exe (264) 0 : ClkSrv.exe (2172) 0 : |- conhost.exe (3000) 0 : dcusrv.exe (2472) 0 : |- conhost.exe (1260) 0 : |- x88.exe (2700) 0 : |- conhost.exe (1328) 0 : trpsrv.exe (2696) 0 : |- conhost.exe (2596) 2 : winlogon.exe (2920) 2 : |- dwm.exe (1652) 2 : |- LogonUI.exe (3224) 0 : cagsrv.exe (2964) 0 : |- conhost.exe (856) 2 : explorer.exe (3284) 2 : |- cmd.exe (2708) 2 : |- conhost.exe (2256) 2 : |- notepad.exe (3544) 2 : |- vmtoolsd.exe (4004) 2 : |- HVAMonitor.exe (4088) 2 : csrss.exe (3556) 0 : csrss.exe (368) 2 : jusched.exe (3812) 0 : wininit.exe (444) 0 : |- services.exe (536) 0 : |- spoolsv.exe (1192) 0 : |- armsvc.exe (1252) 0 : |- NmxAppLogService.exe (1284) 0 : |- svchost.exe (1344) 0 : |- ntpd.exe (1392) 0 : |- TNSLSNR.EXE (1424) 0 : |- oracle.exe (1532) 0 : |- oravssw.exe (1556) 0 : |- PCUMonSrv.exe (1572) 0 : |- svchost.exe (1592) 0 : |- Tomcat7.exe (1656) 0 : |- conhost.exe (1688) 0 : |- VGAuthService.exe (1764) 0 : |- vmtoolsd.exe (1808) 0 : |- dllhost.exe (2116) 0 : |- msdtc.exe (2352) 0 : |- Pcu400Service.exe (2624) 0 : |- TrustedInstaller.exe (2672) 0 : |- sppsvc.exe (2992) 0 : |- ABB.NM.OPCServerWrapper.exe (3068) 0 : |- svchost.exe (532) 0 : |- svchost.exe (616) 0 : |- WmiPrvSE.exe (2192) 0 : |- TiWorker.exe (3948) 0 : |- svchost.exe (652) 0 : |- vmacthlp.exe (736) 0 : |- svchost.exe (816) 0 : |- svchost.exe (848) 2 : |- taskhostex.exe (3232) 0 : |- svchost.exe (912) 0 : |- svchost.exe (976) 0 : |- svchost.exe (992) 0 : |- lsass.exe (544) 0 : supsrv.exe (628) 0 : |- conhost.exe (1860)

70331 - Microsoft Windows Process Module Information
Synopsis
Use WMI to obtain running process module information.
Description
Report details on the modules loaded by running processes on the machine. This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/10/08, Modification date: 2017/04/03
Ports
tcp/0
Process_Modules_.csv : lists the loaded modules for each process.

71246 - Enumerate Local Group Memberships
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Description
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/12/06, Modification date: 2017/04/03
Ports
tcp/0
Group Name : Access Control Assistance Operators Host Name : BLDDE01 Group SID : S-1-5-32-579 Members : Group Name : Administrators Host Name : BLDDE01 Group SID : S-1-5-32-544 Members : Name : Administrator Domain : BLDDE01 Class : Win32_UserAccount SID : S-1-5-21-2659951044-3182031200-318033672-500 Name : Domain Admins Domain : BLD01SEC Class : Win32_Group SID : Group Name : Backup Operators Host Name : BLDDE01 Group SID : S-1-5-32-551 Members : Group Name : Certificate Service DCOM Access Host Name : BLDDE01 Group SID : S-1-5-32-574 Members : Group Name : Cryptographic Operators Host Name : BLDDE01 Group SID : S-1-5-32-569 Members : Group Name : Distributed COM Users Host Name : BLDDE01 Group SID : S-1-5-32-562 Members : Group Name : Event Log Readers Host Name : BLDDE01 Group SID : S-1-5-32-573 Members : Group Name : Guests Host Name : BLDDE01 Group SID : S-1-5-32-546 Members : Name : Guest Domain : BLDDE01 Class : Win32_UserAccount SID : S-1-5-21-2659951044-3182031200-318033672-501 Group Name : Hyper-V Administrators Host Name : BLDDE01 Group SID : S-1-5-32-578 Members : Group Name : IIS_IUSRS Host Name : BLDDE01 Group SID : S-1-5-32-568 Members : Name : IUSR Domain : BLDDE01 Class : Win32_SystemAccount SID : S-1-5-17 Group Name : Network Configuration Operators Host Name : BLDDE01 Group SID : S-1-5-32-556 Members : Group Name : Performance Log Users Host Name : BLDDE01 Group SID : S-1-5-32-559 Members : Group Name : Performance Monitor Users Host Name : BLDDE01 Group SID : S-1-5-32-558 Members : Group Name : Power Users Host Name : BLDDE01 Group SID : S-1-5-32-547 Members : Group Name : Print Operators Host Name : BLDDE01 Group SID : S-1-5-32-550 Members : Group Name : RDS Endpoint Servers Host Name : BLDDE01 Group SID : S-1-5-32-576 Members : Group Name : RDS Management Servers Host Name : BLDDE01 Group SID : S-1-5-32-577 Members : Group Name : RDS Remote Access Servers Host Name : BLDDE01 Group SID : S-1-5-32-575 Members : Group Name : Remote Desktop Users 
Host Name : BLDDE01 Group SID : S-1-5-32-555 Members : Group Name : Remote Management Users Host Name : BLDDE01 Group SID : S-1-5-32-580 Members : Group Name : Replicator Host Name : BLDDE01 Group SID : S-1-5-32-552 Members : Group Name : Users Host Name : BLDDE01 Group SID : S-1-5-32-545 Members : Name : INTERACTIVE Domain : BLDDE01 Class : Win32_SystemAccount SID : S-1-5-4 Name : Authenticated Users Domain : BLDDE01 Class : Win32_SystemAccount SID : S-1-5-11 Name : Domain Users Domain : BLD01SEC Class : Win32_Group SID : Name : Administrator Domain : BLD01SEC Class : Win32_UserAccount SID : Group Name : ORA_ASMADMIN Host Name : BLDDE01 Group SID : S-1-5-21-2659951044-3182031200-318033672-1015 Members : Name : OracleServiceMDB Domain : NT SERVICE Class : Win32_SystemAccount SID : Group Name : ORA_ASMDBA Host Name : BLDDE01 Group SID : S-1-5-21-2659951044-3182031200-318033672-1010 Members : Name : de400$ Domain : BLD01SEC Class : Win32_UserAccount SID : Name : Administrator Domain : BLD01SEC Class : Win32_UserAccount SID : Group Name : ORA_ASMOPER Host Name : BLDDE01 Group SID : S-1-5-21-2659951044-3182031200-318033672-1011 Members : Group Name : ORA_CLIENT_LISTENERS Host Name : BLDDE01 Group SID : S-1-5-21-2659951044-3182031200-318033672-1006 Members : Group Name : ora_dba Host Name : BLDDE01 Group SID : S-1-5-21-2659951044-3182031200-318033672-1012 Members : Name : Administrator Domain : BLD01SEC Class : Win32_UserAccount SID : Name : SYSTEM Domain : BLDDE01 Class : Win32_SystemAccount SID : S-1-5-18 Group Name : ORA_GRID_LISTENERS Host Name : BLDDE01 Group SID : S-1-5-21-2659951044-3182031200-318033672-1004 Members : Group Name : ORA_INSTALL Host Name : BLDDE01 Group SID : S-1-5-21-2659951044-3182031200-318033672-1001 Members : Name : de400$ Domain : BLD01SEC Class : Win32_UserAccount SID : Group Name : ORA_OPER Host Name : BLDDE01 Group SID : S-1-5-21-2659951044-3182031200-318033672-1005 Members : Group Name : ORA_OraClient12Home1_32bit_DBA Host Name : BLDDE01 
Group SID : S-1-5-21-2659951044-3182031200-318033672-1014 Members : Group Name : ORA_OraClient12Home1_32bit_SVCSIDS Host Name : BLDDE01 Group SID : S-1-5-21-2659951044-3182031200-318033672-1013 Members : Group Name : ORA_OraDB12Home1_DBA Host Name : BLDDE01 Group SID : S-1-5-21-2659951044-3182031200-318033672-1002 Members : Name : de400$ Domain : BLD01SEC Class : Win32_UserAccount SID : Group Name : ORA_OraDB12Home1_OPER Host Name : BLDDE01 Group SID : S-1-5-21-2659951044-3182031200-318033672-1003 Members : Group Name : ORA_OraDB12Home1_SYSBACKUP Host Name : BLDDE01 Group SID : S-1-5-21-2659951044-3182031200-318033672-1007 Members : Name : Administrator Domain : BLD01SEC Class : Win32_UserAccount SID : Group Name : ORA_OraDB12Home1_SYSDG Host Name : BLDDE01 Group SID : S-1-5-21-2659951044-3182031200-318033672-1008 Members : Name : Administrator Domain : BLD01SEC Class : Win32_UserAccount SID : Group Name : ORA_OraDB12Home1_SYSKM Host Name : BLDDE01 Group SID : S-1-5-21-2659951044-3182031200-318033672-1009 Members : Name : Administrator Domain : BLD01SEC Class : Win32_UserAccount SID : Group Name : WinRMRemoteWMIUsers__ Host Name : BLDDE01 Group SID : S-1-5-21-2659951044-3182031200-318033672-1000 Members :

72482 - Windows Display Driver Enumeration
Synopsis
Nessus was able to enumerate one or more of the display drivers on the remote host.
Description
Nessus was able to enumerate one or more of the display drivers on the remote host via WMI.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2014/02/06, Modification date: 2017/04/03
Ports
tcp/0
Device Name : VMware SVGA 3D
Driver File Version : 8.15.1.48
Driver Date : 07/12/2016
Video Processor : VMware Virtual SVGA 3D Graphics Adapter

72684 - Enumerate Local Users
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of local users.
Description
Nessus was able to connect to a host via SMB to retrieve a list of local users.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2014/02/25, Modification date: 2017/04/03
Ports
tcp/0
Name : Administrator
SID : S-1-5-21-2659951044-3182031200-318033672-500
Disabled : False
Lockout : False
Change password : True

Name : Guest
SID : S-1-5-21-2659951044-3182031200-318033672-501
Disabled : True
Lockout : False
Change password : False

77605 - Microsoft OneNote Detection
Synopsis
The remote Windows host contains Microsoft OneNote.
Description
Microsoft OneNote is installed on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2014/09/10, Modification date: 2017/03/03
Ports
tcp/0
Path : C:\Program Files (x86)\Microsoft Office\Office16\OneNote.exe
Version : 16.0.4266.1001

123/udp

34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/123
Port 123/udp was found to be open

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/123
The Win32 process 'ntpd.exe' is listening on this port (pid 1392). This process 'ntpd.exe' (pid 1392) is hosting the following Windows services : NTP (Network Time Protocol)
135/tcp

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/135
The following DCERPC services are available locally : Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : WindowsShutdown Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : WMsgKRpc08C700 Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : WindowsShutdown Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : WMsgKRpc08C700 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : LRPC-44d520f957812a1b2a Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : LSMApi Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000002 UUID : b2507c30-b126-494a-92ac-ee32b6eeb039, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : LRPC-51d953f6fb8517fca9 Object UUID : b08669ee-8cb5-43a5-a017-84fe00000002 UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : WMsgKRpc015D75F02 Object UUID : 52ef130c-08fd-4388-86b3-6edf00000002 UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0 Description : Unknown RPC service Annotation : Secure Desktop LRPC interface Type : Local RPC service Named pipe : WMsgKRpc015D75F02 Object UUID : 1fec7eab-c824-42e1-baf1-df9461ca9321 UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 Description : 
Distributed Transaction Coordinator Windows process : msdtc.exe Type : Local RPC service Named pipe : LRPC-f087f563bb5a8f4b5a Object UUID : 6b53abb5-50de-47d1-9220-85335d34fae3 UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 Description : Distributed Transaction Coordinator Windows process : msdtc.exe Type : Local RPC service Named pipe : LRPC-f087f563bb5a8f4b5a Object UUID : dae94ba5-06c1-43dc-b667-46defd8e4584 UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 Description : Distributed Transaction Coordinator Windows process : msdtc.exe Type : Local RPC service Named pipe : LRPC-f087f563bb5a8f4b5a Object UUID : 2143bec9-749f-4ceb-b007-269d8e79b28c UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 Description : Distributed Transaction Coordinator Windows process : msdtc.exe Type : Local RPC service Named pipe : OLEE2179570A3478B5293B3B5B568A7 Object UUID : 2143bec9-749f-4ceb-b007-269d8e79b28c UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 Description : Distributed Transaction Coordinator Windows process : msdtc.exe Type : Local RPC service Named pipe : LRPC-be5e31ae03fd1fb840 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 Description : IPsec Services (Windows XP & 2003) Windows process : lsass.exe Type : Local RPC service Named pipe : LRPC-9597fd1cca96ee3d1a Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : LRPC-9597fd1cca96ee3d1a Object UUID : 00000000-0000-0000-0000-000000000000 UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : LRPC-9597fd1cca96ee3d1a Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : LRPC-9597fd1cca96ee3d1a Object UUID : 

34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/135
Port 135/tcp was found to be open

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/135
The Win32 process 'svchost.exe' is listening on this port (pid 652).
This process 'svchost.exe' (pid 652) is hosting the following Windows services :
RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001)
RpcSs (@combase.dll,-5010)
137/udp
10150 - Windows NetBIOS / SMB Remote Host Information Disclosure
Synopsis
It was possible to obtain the network name of the remote host.
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests. Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 1999/10/12, Modification date: 2016/12/28
Ports
udp/137
The following 3 NetBIOS names have been gathered :
BLDDE01 = Computer name
BLD01SEC = Workgroup / Domain name
BLDDE01 = File Server Service
The remote host has the following MAC address on its adapter : 00:0c:29:b6:23:1d

34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/137
Port 137/udp was found to be open

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/137
The Win32 process 'System' is listening on this port (pid 4).
138/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/138
Port 138/udp was found to be open

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/138
The Win32 process 'System' is listening on this port (pid 4).
139/tcp
11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2002/06/05, Modification date: 2015/06/02
Ports
tcp/139
An SMB server is running on this port.

34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/139
Port 139/tcp was found to be open

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/139
The Win32 process 'System' is listening on this port (pid 4).
445/tcp
86576 - Oracle Database Multiple Vulnerabilities (October 2015 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the October 2015 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the following components :
- Core RDBMS (CVE-2015-4857)
- Database Scheduler (CVE-2015-4873)
- Java VM (CVE-2015-4794, CVE-2015-4796, CVE-2015-4888)
- Portable Clusterware (CVE-2015-4863)
- XDB-XML Database (CVE-2015-4900)
See Also
Solution
Apply the appropriate patch according to the October 2015 Oracle Critical Patch Update advisory.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2015/10/23, Modification date: 2016/04/28
Ports
tcp/445
The following vulnerable instance of Oracle Database is installed on the remote host :
Ohome : c:\oracle\product\12.1.0\dbhome_1
Missing OJVM Patches : 21788394

91605 - MS16-077: Security Update for WPAD (3165191)
Synopsis
The remote host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities :
- An elevation of privilege vulnerability exists in the Web Proxy Auto Discovery (WPAD) protocol due to improper handling of the proxy discovery process. A remote attacker can exploit this, by responding to NetBIOS name requests for WPAD, to bypass security restrictions and gain elevated privileges. (CVE-2016-3213)
- An elevation of privilege vulnerability exists in the Web Proxy Auto Discovery (WPAD) protocol due to improper handling of certain proxy discovery scenarios. A remote attacker can exploit this to elevate privileges, resulting in the ability to disclose or control network traffic. (CVE-2016-3236)
- An elevation of privilege vulnerability exists in NetBIOS due to improper handling of responses. A remote attacker can exploit this, via specially crafted NetBIOS responses, to appear as a trusted network device, resulting in the ability to render untrusted content in a browser outside of Enhanced Protected Mode (EPM) or an application container. (CVE-2016-3299)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, RT 8.1, 2012 R2, and 10. Note that cumulative update 3160005 in MS16-063 must also be installed in order to fully resolve CVE-2016-3213.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/08/10
Ports
tcp/445
- C:\Windows\system32\ws2_32.dll has not been patched.
Remote version : 6.3.9600.17415
Should be : 6.3.9600.18340

92516 - Oracle Java SE Multiple Vulnerabilities (July 2016 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 101, 7 Update 111, or 6 Update 121. It is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists in the CORBA subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3458)
- An unspecified flaw exists in the Networking subcomponent that allows a local attacker to impact integrity. (CVE-2016-3485)
- An unspecified flaw exists in the JavaFX subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3498)
- An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3500)
- An unspecified flaw exists in the Install subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3503)
- An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3508)
- An unspecified flaw exists in the Deployment subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3511)
- An unspecified flaw exists in the Hotspot subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3550)
- An unspecified flaw exists in the Install subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3552)
- A flaw exists in the Hotspot subcomponent due to improper access to the MethodHandle::invokeBasic() function. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3587)
- A flaw exists in the Libraries subcomponent within the MethodHandles::dropArguments() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3598)
- A flaw exists in the Hotspot subcomponent within the ClassVerifier::ends_in_athrow() function when handling bytecode verification. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3606)
- An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3610)
See Also
Solution
Upgrade to Oracle JDK / JRE 8 Update 101 / 7 Update 111 / 6 Update 121 or later. If necessary, remove any affected versions. Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/07/22, Modification date: 2016/10/25
Ports
tcp/445
The following vulnerable instance of Java is installed on the remote host :
Path : C:\Program Files (x86)\Java\jre1.8.0_73
Installed version : 1.8.0_73
Fixed version : 1.6.0_121 / 1.7.0_111 / 1.8.0_101

97737 - MS17-010: Security Update for Microsoft Windows SMB Server (4013389)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by the following vulnerabilities :
- Multiple remote code execution vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted packet, to execute arbitrary code. (CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148)
- An information disclosure vulnerability exists in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information. (CVE-2017-0147)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012213
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.18228
Should be : 6.3.9600.18603

97743 - MS17-012: Security Update for Microsoft Windows (4013078)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- A security feature bypass vulnerability exists in Device Guard due to improper validation of certain elements in a signed PowerShell script. An unauthenticated, remote attacker can exploit this vulnerability to modify the contents of a PowerShell script without invalidating the signature associated with the file, allowing the execution of a malicious script. (CVE-2017-0007)
- A denial of service vulnerability exists in the Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client implementations due to improper handling of certain requests sent to the client. An unauthenticated, remote attacker can exploit this issue, via a malicious SMB server, to cause the system to stop responding until it is manually restarted. (CVE-2017-0016)
- A remote code execution vulnerability exists due to using an insecure path to load certain dynamic link library (DLL) files. A local attacker can exploit this, via a specially crafted library placed in the path, to execute arbitrary code. (CVE-2017-0039)
- An information disclosure vulnerability exists in Windows dnsclient due to improper handling of certain requests. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to gain access to sensitive information on a targeted workstation. If the target is a server, the attacker can also exploit this issue by tricking the server into sending a DNS query to a malicious DNS server. (CVE-2017-0057)
- An elevation of privilege vulnerability exists in Helppane.exe due to a failure by an unspecified DCOM object, configured to run as the interactive user, to properly authenticate the client. An authenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code in another user's session. (CVE-2017-0100)
- An integer overflow condition exists in the iSNS Server service due to improper validation of input from the client. An unauthenticated, remote attacker can exploit this issue, via a specially crafted application that connects and issues requests to the iSNS server, to execute arbitrary code in the context of the SYSTEM account. (CVE-2017-0104)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012213
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.18228
Should be : 6.3.9600.18603

53382 - MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
Synopsis
Arbitrary code can be executed on the remote host through the Microsoft Foundation Class library.
Description
The remote Windows host contains a version of the Microsoft Foundation Class (MFC) library affected by an insecure library loading vulnerability. The path used for loading external libraries is not securely restricted. An attacker can exploit this by tricking a user into opening an MFC application in a directory that contains a malicious DLL, resulting in arbitrary code execution.
See Also
Solution
Microsoft has released a set of patches for Visual Studio .NET 2003, 2005, and 2008, as well as Visual C++ 2005, 2008, and 2010.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2011/04/13, Modification date: 2016/05/06
Ports
tcp/445
The following Visual C++ Redistributable Packages have not been patched :
Product : Visual C++ 2008 SP1 Redistributable Package 32-bit
Installed version : 9.0.30729.4148
Fixed version : 9.0.30729.6161
Product : Visual C++ 2010 SP1 Redistributable Package
Installed version : 10.0.40219.1
Fixed version : 10.0.40219.325

80906 - Oracle Database Multiple Vulnerabilities (January 2015 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the January 2015 Critical Patch Update (CPU). It is, therefore, affected by security issues in the following components :
- Core RDBMS
- DBMS_UTILITY
- PL/SQL
- Recovery
- Workspace Manager
- XML Developer's Kit for C
See Also
Solution
Apply the appropriate patch according to the January 2015 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (CVSS2#E:ND/RL:OF/RC:C)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2015/01/22, Modification date: 2015/07/14
Ports
tcp/445
The following vulnerable instance of Oracle Database is installed on the remote host :
Ohome : c:\oracle\product\12.1.0\dbhome_1
Missing OJVM Patches : 20225938

81264 - MS15-011: Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability due to how the Group Policy service manages policy data when a domain-joined system connects to a domain controller. An attacker, using a controlled network, can exploit this to gain complete control of the host. Note that Microsoft has no plans to release an update for Windows 2003 even though it is affected by this vulnerability.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
I
References
| BID | 72477 |
| CVE | CVE-2015-0008 |
| XREF | OSVDB:118181 |
| XREF | CERT:787252 |
| XREF | MSFT:MS15-011 |
| XREF | IAVA:2015-A-0033 |
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2015/02/10, Modification date: 2015/05/18
Ports
tcp/445
KB 3000483 or a related, subsequent update was successfully installed, but the GPO setting "Hardened UNC Paths" has not been enabled.

82903 - Oracle Database Multiple Vulnerabilities (April 2015 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the April 2015 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the following components :
- Core RDBMS (CVE-2015-0483)
- Java VM (CVE-2015-0457)
- XDB-XML Database (CVE-2015-0455)
- XDK and XDB-XML Database (CVE-2015-0479)
See Also
Solution
Apply the appropriate patch according to the April 2015 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (CVSS2#E:ND/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2015/04/20, Modification date: 2015/07/19
Ports
tcp/445
The following vulnerable instance of Oracle Database is installed on the remote host :
Ohome : c:\oracle\product\12.1.0\dbhome_1
Missing OJVM Patches : 20391199

84822 - Oracle Database Multiple Vulnerabilities (July 2015 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle database server is missing the July 2015 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the following components :
- Application Express (CVE-2015-2655, CVE-2015-2585, CVE-2015-2586)
- Core RDBMS (CVE-2015-0468)
- Java VM (CVE-2015-2629)
- Oracle OLAP (CVE-2015-2595)
- RDBMS Partitioning (CVE-2015-4740)
- RDBMS Scheduler (CVE-2015-2599)
- RDBMS Security (CVE-2015-4755)
- RDBMS Support Tools (CVE-2015-4753)
See Also
Solution
Apply the appropriate patch according to the July 2015 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (CVSS2#E:ND/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2015/07/17, Modification date: 2015/12/10
Ports
tcp/445
The following vulnerable instance of Oracle Database is installed on the remote host :
Ohome : c:\oracle\product\12.1.0\dbhome_1
Missing OJVM Patches : 21153530

86823 - MS15-116: Security Update for Microsoft Office to Address Remote Code Execution (3104540)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Access, Excel, InfoPath, OneNote, PowerPoint, Project, Publisher, Visio, Word, Excel Viewer, Word Viewer, SharePoint Server, Office Compatibility Pack, Office Web Apps, Skype for Business, or Lync installed that is affected by multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-6038, CVE-2015-6091, CVE-2015-6092, CVE-2015-6093, CVE-2015-6094)
- An elevation of privilege vulnerability exists when an attacker instantiates an affected Office application via a COM control. An attacker who successfully exploits this vulnerability can gain elevated privileges and break out of the Internet Explorer sandbox. (CVE-2015-2503)
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016; SharePoint Server 2007, 2010, 2013; Office Compatibility Pack, Excel Viewer, Word Viewer, Office Web Apps 2010 and 2013, and Lync 2013 and 2016.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2015/11/10, Modification date: 2016/07/06
Ports
tcp/445
Product : Access 2016
- C:\Program Files (x86)\Microsoft Office\Office16\MsAccess.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.6001.1038
Product : Excel 2016
- C:\Program Files (x86)\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.6001.1038
Product : OneNote 2016
- C:\Program Files (x86)\Microsoft Office\Office16\OneNote.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.6001.1038
Product : PowerPoint 2016
- C:\Program Files (x86)\Microsoft Office\Office16\ppcore.dll has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.6001.1038
Product : Publisher 2016
- C:\Program Files (x86)\Microsoft Office\Office16\Mspub.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.6001.1038
Product : Word 2016
- C:\Program Files (x86)\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.6001.1038
Product : Skype for Business 2016
- C:\Program Files (x86)\Microsoft Office\Office16\Lync.exe has not been patched.
Remote version : 16.0.4266.1001
Should be : 16.0.6001.1038

87253 - MS15-124: Cumulative Security Update for Internet Explorer (3116180)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3116180. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2015/12/08, Modification date: 2016/04/29
Ports
tcp/445
ASLR hardening settings for Internet Explorer in KB3125869 have not been applied. The following DWORD keys must be created with a value of 1:
- HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\iexplore.exe
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\iexplore.exe

87257 - MS15-128: Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)
Synopsis
The remote host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is affected by multiple remote code execution vulnerabilities due to improper handling of embedded fonts by the Windows font library. A remote attacker can exploit these by convincing a user to open a file or visit a website containing a specially crafted embedded font, resulting in execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013, Skype for Business 2016, Live Meeting 2007 Console, Silverlight; and .NET framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5.1, 4.5.2, and 4.6.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/12/08, Modification date: 2017/03/08
Ports
tcp/445
Product : Skype for Business 2016
- C:\Program Files (x86)\Microsoft Office\Office16\Lync.exe has not been patched.
Remote version : 16.0.4266.1001
Should be : 16.0.6001.1043

87260 - MS15-131: Security Update for Microsoft Office to Address Remote Code Execution (3116111)
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, Excel Viewer, or Microsoft Office Compatibility Pack installed that is affected by multiple remote code execution vulnerabilities :
- Multiple memory corruption issues exist due to improper handling of objects in memory. A remote attacker can exploit these issues by convincing a user to open a specially crafted file in an affected version of Office, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-6040, CVE-2015-6118, CVE-2015-6122, CVE-2015-6124, CVE-2015-6177)
- A remote code execution vulnerability exists due to improper parsing of email messages. A remote attacker can exploit this vulnerability by convincing a user to open or preview a specially crafted email message, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-6172)
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016, Word, Word Viewer, Excel, Excel Viewer, and Microsoft Office Compatibility Pack.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2015/12/08, Modification date: 2017/03/08
Ports
tcp/445
Product : Word 2016
- C:\Program Files (x86)\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.6001.1043

87882 - MS16-004: Security Update for Microsoft Office to Address Remote Code Execution (3124585)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, Excel Viewer, PowerPoint, Visio, SharePoint, Visual Basic, or Microsoft Office Compatibility Pack installed that is affected by multiple vulnerabilities :
- Multiple cross-site scripting vulnerabilities exist in Microsoft SharePoint due to improper enforcement of Access Control Policy (ACP) configuration settings. A remote attacker can exploit these vulnerabilities, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2015-6117, CVE-2016-0011)
- Multiple remote code execution vulnerabilities exist in Microsoft Office due to improper handling of objects in memory. An attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file in Microsoft Office, resulting in execution of arbitrary code in the context of the current user. (CVE-2016-0010, CVE-2016-0035)
- An information disclosure vulnerability exists in Microsoft Office due to a failure to use the Address Space Layout Randomization (ASLR) security feature. An attacker can exploit this to predict memory offsets of specific instructions in a call stack. (CVE-2016-0012)
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016, Word, Word Viewer, Excel, Excel Viewer, PowerPoint, Visio, SharePoint Server 2013, SharePoint Foundation 2013, Microsoft Office Compatibility Pack, and Visual Basic 6.0 Runtime.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/01/12, Modification date: 2016/07/06
Ports
tcp/445
Product : Microsoft Office 2016
- C:\Windows\SysWOW64\mscomctl.ocx has not been patched.
Remote version : 6.1.98.39
Should be : 6.1.98.46
Product : Excel 2016
- C:\Program Files (x86)\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.6366.2056
Product : Word 2016
- C:\Program Files (x86)\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.6366.2056

88146 - Oracle Database Multiple Vulnerabilities (January 2016 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle Database Server is missing the January 2016 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the following components :
- Database Vault (CVE-2015-4921)
- Java VM (CVE-2016-0499)
- Security (CVE-2016-0467)
- Workspace Manager (CVE-2015-4925)
- XDB - XML Database (CVE-2016-0461, CVE-2016-0472)
- XML Developer's Kit for C (CVE-2015-4923)
See Also
Solution
Apply the appropriate patch according to the January 2016 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/01/25, Modification date: 2016/04/28
Ports
tcp/445
The following vulnerable instance of Oracle Database is installed on the remote host :
Ohome : c:\oracle\product\12.1.0\dbhome_1
Missing OJVM Patches : 22311086

88647 - MS16-015: Security Update for Microsoft Office to Address Remote Code Execution (3134226)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, Excel Viewer, SharePoint, Microsoft Office Compatibility Pack, or Office Web Apps installed that is affected by multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file in Microsoft Office, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0022, CVE-2016-0052, CVE-2016-0053, CVE-2016-0054, CVE-2016-0055, CVE-2015-0056)
- A cross-site scripting vulnerability exists in SharePoint due to improper sanitization of specially crafted web requests. An authenticated, remote attacker can exploit this, via a specially crafted web request, to execute arbitrary script code in a user's browser session. (CVE-2016-0039)
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, and 2016; Word, Word Viewer, Excel, Excel Viewer; SharePoint Server 2007, 2010, and 2013; SharePoint Foundation 2013, Microsoft Office Compatibility Pack, and Office Web Apps.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/02/09, Modification date: 2016/07/06
Ports
tcp/445
Product : Excel 2016
- C:\Program Files (x86)\Microsoft Office\Office16\Excel.exe has not been patched.
  Remote version : 16.0.4266.1001
  Fixed version : 16.0.6366.2068

Product : Word 2016
- C:\Program Files (x86)\Microsoft Office\Office16\WinWord.exe has not been patched.
  Remote version : 16.0.4266.1001
  Fixed version : 16.0.6366.2068

89752 - MS16-029: Security Update for Microsoft Office to Address Remote Code Execution (3141806)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host has a version of Microsoft Office, Office Compatibility Pack, Office Web Apps, Microsoft SharePoint, Microsoft Word, or Word Viewer installed that is affected by multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to improper handling of objects in memory. An attacker can exploit these, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2016-0021, CVE-2016-0134)
- A security feature bypass vulnerability exists in Microsoft Office software due to an improperly signed binary file. An attacker with write access to the target host can exploit this, by overwriting the file with a malicious binary with a similar configuration, to execute arbitrary code. (CVE-2016-0057).
See Also
Solution
Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft InfoPath 2007, 2010 and 2013; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Word Viewer; SharePoint Server 2010 and 2013; Microsoft Office Compatibility Pack; and Office Web Apps 2010 and 2013.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/03/08, Modification date: 2016/07/18
Ports
tcp/445
Product : Word 2016
- C:\Program Files (x86)\Microsoft Office\Office16\WinWord.exe has not been patched.
  Remote version : 16.0.4266.1001
  Fixed version : 16.0.6568.2034

90431 - MS16-037: Cumulative Security Update for Internet Explorer (3148531)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3148531. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/04/12, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\mshtml.dll has not been patched.
  Remote version : 11.0.9600.18231
  Should be : 11.0.9600.18281

90433 - MS16-039: Security Update for Microsoft Graphics Component (3148522)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to a failure to properly handle objects in memory. An attacker can exploit these vulnerabilities to execute arbitrary code in kernel mode. (CVE-2016-0143, CVE-2016-0165, CVE-2016-0167)
- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded fonts. An attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing specially crafted embedded fonts, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0145)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013, Live Meeting 2007 Console, .NET framework 3.0 SP2, .NET framework 3.5, and .NET framework 3.5.1.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/04/12, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll has not been patched.
  Remote version : 3.0.6920.8010
  Should be : 3.0.6920.8712

Product : Skype for Business 2016
- C:\Program Files (x86)\Microsoft Office\Office16\Lync.exe has not been patched.
  Remote version : 16.0.4266.1001
  Should be : 16.0.6769.2017

- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18290

90434 - MS16-040: Security Update for Microsoft XML Core Services (3148541)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability in the Microsoft XML Core Services (MSXML) parser due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this vulnerability, by convincing a user to visit a specially-crafted website that is designed to invoke MSXML through Internet Explorer, to execute arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/04/12, Modification date: 2017/03/21
Ports
tcp/445
- C:\Windows\system32\Msxml3.dll has not been patched.
  Remote version : 8.110.9600.17931
  Should be : 8.110.9600.18258

90436 - MS16-042: Security Update for Microsoft Office (3148775)
Synopsis
An application installed on the remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The version of Microsoft Office installed on the remote Windows host is affected by multiple remote code execution vulnerabilities due to improper handling of objects in memory. A remote attacker can exploit these issues by convincing a user to open a specially crafted file in Microsoft Office, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2010; Microsoft Word 2007, 2010, 2013, and 2013 RT; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016; Word Viewer; Excel Viewer; SharePoint Server 2007, 2010, and 2013; Microsoft Office Compatibility Pack; and Office Web Apps 2010 and 2013.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/04/12, Modification date: 2016/09/28
Ports
tcp/445
Product : Excel 2016
- C:\Program Files (x86)\Microsoft Office\Office16\Excel.exe has not been patched.
  Remote version : 16.0.4266.1001
  Fixed version : 16.0.4366.1000

Product : Excel 2016
- C:\Program Files (x86)\Microsoft Office\Office16\Excel.exe has not been patched.
  Remote version : 16.0.4266.1001
  Fixed version : 16.0.6769.2017

90437 - MS16-044: Security Update for Windows OLE (3146706)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in Windows OLE due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/04/12, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\ole32.dll has not been patched.
  Remote version : 6.3.9600.18227
  Should be : 6.3.9600.18256

90441 - MS16-048: Security Update for CSRSS (3148528)
Synopsis
The remote host is affected by a security feature bypass vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a security feature bypass vulnerability in the Client-Server Run-time Subsystem (CSRSS) due to improper management of process tokens in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to escalate privileges and execute arbitrary code as an administrator.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/04/12, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\basesrv.dll has not been patched.
  Remote version : 6.3.9600.17933
  Should be : 6.3.9600.18258

90625 - Oracle Java SE Multiple Vulnerabilities (April 2016 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 91, 7 Update 101, or 6 Update 115. It is, therefore, affected by security vulnerabilities in the following subcomponents :
- 2D
- Deployment
- Hotspot
- JAXP
- JCE
- JMX
- Security
- Serialization
See Also
Solution
Upgrade to Oracle JDK / JRE 8 Update 91, 7 Update 101, or 6 Update 115 or later. If necessary, remove any affected versions. Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 115 or later.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/04/21, Modification date: 2016/07/25
Ports
tcp/445
The following vulnerable instance of Java is installed on the remote host :
Path : C:\Program Files (x86)\Java\jre1.8.0_73
Installed version : 1.8.0_73
Fixed version : 1.6.0_115 / 1.7.0_101 / 1.8.0_91

90762 - Oracle Database Multiple Vulnerabilities (April 2016 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle Database Server is missing the April 2016 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the following components :
- An unspecified flaw exists in the RDBMS Security component that allows a local attacker to cause a denial of service condition. (CVE-2016-0677)
- An unspecified flaw exists in the Oracle OLAP component that allows a local attacker to gain elevated privileges. (CVE-2016-0681)
- Multiple unspecified flaws exist in the RDBMS Security component that allow a local attacker to impact integrity. (CVE-2016-0690, CVE-2016-0691)
- An unspecified flaw exists in the Java VM component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3454)
See Also
Solution
Apply the appropriate patch according to the April 2016 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/04/27, Modification date: 2016/12/07
Ports
tcp/445
The following vulnerable instance of Oracle Database is installed on the remote host :
Ohome : c:\oracle\product\12.1.0\dbhome_1
Missing DB Patches : 22809813
Missing OJVM Patches : 22839633

90828 - Oracle Java SE Hotspot JSR 292 Method Handles RCE
Synopsis
The remote Windows host contains a programming platform that is affected by an arbitrary code execution vulnerability.
Description
The version of Oracle Java SE or Java for Business installed on the remote host is affected by an arbitrary code execution vulnerability in the Hotspot subcomponent due to an unsafe implementation of the Reflection API, which improperly processes JSR 292 method handles due to a lack of enforcement of class loader constraints. A remote attacker can exploit this, by convincing a user to visit a malicious web page, to execute arbitrary code outside the Java sandbox.
See Also
Solution
Upgrade to Oracle JDK / JRE 8 Update 77, 7 Update 99 or later. If necessary, remove any affected versions.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/05/02, Modification date: 2016/05/03
Ports
tcp/445
The following vulnerable instance of Java is installed on the remote host :
Path : C:\Program Files (x86)\Java\jre1.8.0_73
Installed version : 1.8.0_73
Fixed version : 1.7.0_99 / 1.8.0_77

91001 - MS16-051: Cumulative Security Update for Internet Explorer (3155533)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3155533. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Exploitable with
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\mshtml.dll has not been patched.
  Remote version : 11.0.9600.18231
  Should be : 11.0.9600.18321

91004 - MS16-054: Security Update for Microsoft Office (3155544)
Synopsis
An application installed on the remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The version of Microsoft Office installed on the remote Windows host is affected by multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0126, CVE-2016-0140, CVE-2016-0198)
- A remote code execution vulnerability exists in the Windows Font library due to improper handling of embedded fonts. An unauthenticated, remote attacker can exploit this by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0183)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Word Viewer; Microsoft Office Compatibility Pack; Office Web Apps 2010; and Microsoft SharePoint Server 2010.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
Product : Word 2016
- C:\Program Files (x86)\Microsoft Office\Office16\WinWord.exe has not been patched.
  Remote version : 16.0.4266.1001
  Fixed version : 16.0.6868.2062

91005 - MS16-055: Security Update for Microsoft Graphics Component (3156754)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple information disclosure vulnerabilities exist in the Windows Graphics component. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the disclosure of memory contents. (CVE-2016-0168, CVE-2016-0169)
- A remote code execution vulnerability exists in the Windows Graphics component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0170)
- A remote code execution vulnerability exists in the Direct3D component due to a use-after-free error. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0170)
- A remote code execution vulnerability exists in the Windows Imaging component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0195)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\Windowscodecs.dll has not been patched.
  Remote version : 6.3.9600.17669
  Should be : 6.3.9600.18302

91007 - MS16-057: Security Update for Windows Shell (3156987)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in Windows Shell due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\Windows.ui.dll has not been patched.
  Remote version : 6.3.9600.17415
  Should be : 6.3.9600.18302

91010 - MS16-060: Security Update for Windows Kernel (3154846)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a privilege escalation vulnerability due to improper parsing of certain symbolic links. A local attacker can exploit this vulnerability, via a specially crafted application, to access privileged registry keys, resulting in an elevation of privileges.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\ntoskrnl.exe has not been patched.
  Remote version : 6.3.9600.18202
  Should be : 6.3.9600.18289

91011 - MS16-061: Security Update for Microsoft RPC (3155520)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability in the Microsoft RPC Network Data Representation (NDR) Engine due to improper handling of memory. An authenticated, remote attacker can exploit this vulnerability, via malformed RPC requests, to execute arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\Rpcrt4.dll has not been patched.
  Remote version : 6.3.9600.17919
  Should be : 6.3.9600.18292

91012 - MS16-062: Security Update for Windows Kernel-Mode Drivers (3158222)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple privilege escalation vulnerabilities exist in the Windows kernel-mode driver due to a failure to properly handle objects in memory. An authenticated, remote attacker can exploit this, via a crafted application, to execute arbitrary code. (CVE-2016-0171, CVE-2016-0173, CVE-2016-0174, CVE-2016-0196)
- A security feature bypass vulnerability exists in the Windows kernel. An authenticated, remote attacker can exploit this, via a crafted application, to bypass the Kernel Address Space Layout Randomization (KASLR) feature and retrieve the memory address of a kernel object. (CVE-2016-0175)
- A privilege escalation vulnerability exists in the DirectX Graphics kernel subsystem due to a failure to properly handle objects in memory. An authenticated, remote attacker can exploit this, via a crafted application, to execute arbitrary code. (CVE-2016-0176)
- A privilege escalation vulnerability exists in the DirectX Graphics kernel subsystem due to a failure to correctly map kernel memory and to handle objects in memory. An authenticated, remote attacker can exploit this, via a crafted application, to execute arbitrary code. (CVE-2016-0197)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18302

91596 - MS16-063: Cumulative Security Update for Internet Explorer (3163649)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3163649. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11. Note that the security update in MS16-077 must also be installed in order to fully resolve CVE-2016-3213.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/06/14, Modification date: 2017/02/06
Ports
tcp/445
- C:\Windows\system32\mshtml.dll has not been patched.
  Remote version : 11.0.9600.18231
  Should be : 11.0.9600.18349

The remote host is missing MS16-077.

91600 - MS16-072: Security Update for Group Policy (3163622)
Synopsis
The remote host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability due to a lack of Kerberos authentication for certain calls over LDAP when processing group policy updates. A man-in-the-middle attacker can exploit this vulnerability to create arbitrary group policies and grant a standard user elevated, administrative privileges.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.1 (CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\gpprefcl.dll has not been patched.
  Remote version : 6.3.9600.17415
  Should be : 6.3.9600.18339

91601 - MS16-073: Security Update for Windows Kernel-Mode Drivers (3164028)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in the kernel-mode driver due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2016-3218, CVE-2016-3221)
- An information disclosure vulnerability exists in the Windows Virtual PCI (VPCI) virtual service provider (VSP) due to improper handling of uninitialized memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose sensitive memory contents. (CVE-2016-3232)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\drivers\vpcivsp.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18340

- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18340

91602 - MS16-074: Security Update for Microsoft Graphics Component (3164036)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the Windows Graphics Component due to a failure to properly handle objects in memory. A local attacker can exploit this to disclose memory contents. (CVE-2016-3216)
- An elevation of privilege vulnerability exists due to a failure to properly handle objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to run processes in an elevated context. (CVE-2016-3219)
- An elevation of privilege vulnerability exists in the Adobe Type Manager Font Driver due to improper handling of objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2016-3220)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\atmfd.dll has not been patched.
  Remote version : 5.1.2.247
  Should be : 5.1.2.248

91603 - MS16-075: Security Update for Windows SMB Server (3164038)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability in the Microsoft Server Message Block (SMB) server when handling forwarded credential requests that are intended for another service running on the same host. An authenticated attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\drivers\srvnet.sys has not been patched.
  Remote version : 6.3.9600.17222
  Should be : 6.3.9600.18340

91604 - MS16-076: Security Update for Netlogon (3167691)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability due to improper handling of objects in memory. A domain-authenticated attacker can exploit this, via a specially crafted Netlogon request to a domain controller, to execute arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows 2008, 2008 R2, 2012, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\wdigest.dll has not been patched.
  Remote version : 6.3.9600.17415
  Should be : 6.3.9600.18334
91607 - MS16-080: Security Update for Microsoft Windows PDF (3164302)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple information disclosure vulnerabilities exist due to improper parsing of .pdf files. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted .pdf file, resulting in the disclosure of sensitive information in the context of the current user. (CVE-2016-3201, CVE-2016-3215)
- A remote code execution vulnerability exists due to improper parsing of .pdf files. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a specially crafted .pdf file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-3203)
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\glcndfilter.dll has not been patched. Remote version : 6.3.9600.18229 Should be : 6.3.9600.18336
91611 - MS16-070: Security Update for Microsoft Office (3163610)
Synopsis
An application installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in Microsoft Office :
- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these by convincing a user to open a specially crafted file or visit a website that hosts such a file, resulting in the execution of arbitrary code in the context of the user. (CVE-2016-0025, CVE-2016-3233)
- A flaw exists due to improper disclosure of memory contents. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted file, resulting in the disclosure of potentially sensitive information. (CVE-2016-3234)
- A flaw exists due to improper validation of input before loading OLE library files. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code. (CVE-2016-3235)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007 and 2010; Microsoft Visio 2007, 2010, 2013, and 2016; Visio Viewer 2007 and 2010; Word Viewer; Microsoft Office Compatibility Pack; Office Web Apps 2010 and 2013; Microsoft SharePoint Server 2010 and 2013; and Office Online Server.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Exploitable with
Metasploit (true)
Plugin Information:
Publication date: 2016/06/15, Modification date: 2016/11/23
Ports
tcp/445
Product : Word 2016 - C:\Program Files (x86)\Microsoft Office\Office16\WinWord.exe has not been patched. Remote version : 16.0.4266.1001 Fixed version : 16.0.6965.2058
92015 - MS16-084: Cumulative Security Update for Internet Explorer (3169991)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3169991. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/07/12, Modification date: 2017/03/22
Ports
tcp/445
- C:\Windows\system32\mshtml.dll has not been patched. Remote version : 11.0.9600.18231 Should be : 11.0.9600.18378
92018 - MS16-087: Security Update for Windows Print Spooler (3170005)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- A remote code execution vulnerability exists in the Windows Print Spooler service due to improper validation of print drivers while installing a printer from network servers. An unauthenticated, remote attacker can exploit this vulnerability, via a man-in-the-middle attack on a workstation or print server or via a rogue print server, to execute arbitrary code in the context of the current user. (CVE-2016-3238)
- An elevation of privilege vulnerability exists in the Windows Print Spooler service due to improperly allowing arbitrary writing to the file system. An attacker can exploit this issue, via a specially crafted script or application, to execute arbitrary code with elevated system privileges. (CVE-2016-3239)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/07/12, Modification date: 2016/08/03
Ports
tcp/445
- C:\Windows\System32\ntprint.dll has not been patched. Remote version : 6.3.9600.17415 Should be : 6.3.9600.18398
92019 - MS16-088: Security Update for Microsoft Office (3170008)
Synopsis
An application installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-3278, CVE-2016-3280, CVE-2016-3281, CVE-2016-3282, CVE-2016-3283, CVE-2016-3284)
- A remote code execution vulnerability exists in Microsoft Office software due to improper handling of XLA files. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted XLA file in Office, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-3279)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Outlook 2010, 2013, 2013 RT, and 2016; Microsoft PowerPoint 2010, 2013, and 2013 RT; Excel Viewer; Word Viewer; Microsoft Office Compatibility Pack; Office Web Apps 2010 and 2013; Microsoft SharePoint Server 2010, 2013 and 2016; Microsoft SharePoint Foundation 2010 and 2013; and Office Online Server.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/07/12, Modification date: 2017/02/10
Ports
tcp/445
Product : Excel 2016 - C:\Program Files (x86)\Microsoft Office\Office16\Excel.exe has not been patched. Remote version : 16.0.4266.1001 Fixed version : 16.0.7070.2026
Product : Word 2016 - C:\Program Files (x86)\Microsoft Office\Office16\WinWord.exe has not been patched. Remote version : 16.0.4266.1001 Fixed version : 16.0.7070.2026
Product : Outlook 2016 - C:\Program Files (x86)\Microsoft Office\Office16\Outlook.exe has not been patched. Remote version : 16.0.4266.1001 Fixed version : 16.0.7070.2026
92021 - MS16-090: Security Update for Windows Kernel-Mode Drivers (3171481)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in the kernel-mode driver due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2016-3249, CVE-2016-3250, CVE-2016-3252, CVE-2016-3254, CVE-2016-3286)
- An information disclosure vulnerability exists in the Windows GDI component due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose kernel memory addresses. (CVE-2016-3251)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/07/12, Modification date: 2017/03/21
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18377
92023 - MS16-092: Security Update for Windows Kernel (3171910)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- A security feature bypass vulnerability exists in the Windows kernel due to improper validation of how a low integrity application can use certain object manager features. An attacker can exploit this issue to take advantage of time-of-check time-of-use (TOCTOU) issues in file path-based checks from a low integrity application, allowing the attacker to modify files outside of a low integrity level application. (CVE-2016-3258)
- An information disclosure vulnerability exists in the Windows kernel due to a failure to properly handle certain page fault system calls. A local attacker can exploit this, via a specially crafted application, to disclose information from one process to another. (CVE-2016-3272)
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/07/12, Modification date: 2016/08/03
Ports
tcp/445
The registry does not contain the update to DisablePageCombining
- C:\Windows\system32\ntoskrnl.exe has not been patched. Remote version : 6.3.9600.18202 Should be : 6.3.9600.18378
92025 - MS16-094: Security Update for Secure Boot (3177404)
Synopsis
The remote host is affected by a security bypass vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a security bypass vulnerability in the Secure Boot component due to improperly applying an affected policy. An attacker who has either administrative privileges or access to the host can exploit this issue, via installing a crafted policy, to disable code integrity checks, thus allowing test-signed executables and drivers to be loaded on the target host. Moreover, the attacker can exploit this issue to bypass the Secure Boot integrity validation for BitLocker and the device encryption security features.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/07/12, Modification date: 2016/08/03
Ports
tcp/445
The relevant update does not appear to be installed. This was determined by checking the contents of : C:\Windows\System32\CodeIntegrity\driver.stl
92522 - Oracle Database Multiple Vulnerabilities (July 2016 CPU) (FREAK)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle Database Server is missing the July 2016 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities :
- A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists in the RDBMS HTTPS Listener package due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)
- An unspecified vulnerability exists in the Application Express component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3448)
- An unspecified vulnerability exists in the Application Express component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3467)
- An unspecified vulnerability exists in the Portable Clusterware component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3479)
- An unspecified vulnerability exists in the Database Vault component that allows a local attacker to impact confidentiality and integrity. (CVE-2016-3484)
- An unspecified vulnerability exists in the DB Sharding component that allows a local attacker to impact integrity. (CVE-2016-3488)
- An unspecified vulnerability exists in the Data Pump Import component that allows a local attacker to gain elevated privileges. (CVE-2016-3489)
- An unspecified vulnerability exists in the JDBC component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3506)
- An unspecified vulnerability exists in the OJVM component that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2016-3609)
See Also
Solution
Apply the appropriate patch according to the July 2016 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
CVSS Base Score
8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/07/22, Modification date: 2016/12/07
Ports
tcp/445
The following vulnerable instance of Oracle Database is installed on the remote host :
Ohome : c:\oracle\product\12.1.0\dbhome_1
Missing DB Patches : 23530387
Missing OJVM Patches : 23515290
92819 - MS16-095: Cumulative Security Update for Internet Explorer (3177356)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3177356. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/08/09, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\mshtml.dll has not been patched. Remote version : 11.0.9600.18231 Should be : 11.0.9600.18427
92821 - MS16-098: Security Update for Windows Kernel-Mode Drivers (3178466)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the Windows kernel-mode driver due to a failure to properly handle objects in memory. An authenticated, remote attacker can exploit these issues, via a crafted application, to execute arbitrary code in kernel mode.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/08/09, Modification date: 2017/01/06
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18405
92822 - MS16-100: Security Update for Secure Boot (3179577)
Synopsis
The remote Windows host is affected by a security bypass vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a security bypass vulnerability in Secure Boot due to improper handling of malicious boot managers. An attacker with administrative privileges can exploit this vulnerability to bypass code integrity checks and load test-signed executables and drivers.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10. Alternatively, as a workaround, configure BitLocker to use Trusted Platform Module (TPM)+PIN protection or disable Secure Boot integrity protection of BitLocker per the vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.2 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/08/09, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\tpmtasks.dll has not been patched. Remote version : 6.3.9600.17415 Should be : 6.3.9600.18408
92823 - MS16-101: Security Update for Windows Authentication Methods (3178465)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- A security downgrade vulnerability exists in Kerberos due to improper handling of password change requests. A man-in-the-middle attacker can exploit this to cause the authentication protocol to fall back to the NT LAN Manager (NTLM) authentication protocol, resulting in a bypass of Kerberos authentication. (CVE-2016-3237)
- An elevation of privilege vulnerability exists in Windows Netlogon due to a failure to properly establish secure communications to a domain controller. A local attacker who has access to a domain-joined machine that points to a domain controller running either Windows Server 2012 or 2012 R2 can exploit this vulnerability to gain elevated privileges via a specially crafted application. (CVE-2016-3300)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/08/09, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\netlogon.dll has not been patched. Remote version : 6.3.9600.17901 Should be : 6.3.9600.18405
92824 - MS16-102: Security Update for Microsoft Windows PDF Library (3182248)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the Microsoft Windows PDF Library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a specially crafted PDF file or visit a website containing specially crafted PDF content, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/08/09, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\windows.data.pdf.dll has not been patched. Remote version : 6.3.9600.18229 Should be : 6.3.9600.18403
92839 - MS16-099: Security Update for Microsoft Office (3177451)
Synopsis
An application installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple memory corruption issues exist in Microsoft Office software due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these issues, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2016-3313, CVE-2016-3316, CVE-2016-3317, CVE-2016-3318)
- An information disclosure vulnerability exists in Microsoft OneNote due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted OneNote file, to disclose sensitive memory contents. (CVE-2016-3315)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Microsoft OneNote 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Outlook 2007, 2010, 2013, and 2016; and Word Viewer.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/08/10, Modification date: 2016/12/09
Ports
tcp/445
Product : Word 2016 - C:\Program Files (x86)\Microsoft Office\Office16\WinWord.exe has not been patched. Remote version : 16.0.4266.1001 Fixed version : 16.0.7167.2036
Product : OneNote 2016 - C:\Program Files (x86)\Microsoft Office\Office16\OneNote.exe has not been patched. Remote version : 16.0.4266.1001 Fixed version : 16.0.7167.2036
Product : Outlook 2016 - C:\Program Files (x86)\Microsoft Office\Office16\Outlook.exe has not been patched. Remote version : 16.0.4266.1001 Fixed version : 16.0.7167.2036
92843 - MS16-097: Security Update for Microsoft Graphics Component (3177393)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the Graphics component due to improper handling of embedded fonts by the Windows font library. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a malicious website or open a specially crafted document file, to execute arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/08/10, Modification date: 2017/01/05
Ports
tcp/445
None of the versions of 'GdiPlus.dll' under C:\Windows\WinSxS have been patched. Fixed version : 6.3.9600.18405
Product : Skype for Business 2016 - C:\Program Files (x86)\Microsoft Office\Office16\Lync.exe has not been patched. Remote version : 16.0.4266.1001 Should be : 16.0.7070.2036
93464 - MS16-104: Cumulative Security Update for Internet Explorer (3183038)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3183038. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11. Note that MS16-116 must also be installed to fully resolve CVE-2016-3375.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/09/13, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\mshtml.dll has not been patched. Remote version : 11.0.9600.18231 Should be : 11.0.9600.18450
93466 - MS16-106: Security Update for Microsoft Graphics Component (3185848)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in Windows kernel-mode drivers due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2016-3348, CVE-2016-3349)
- An information disclosure vulnerability exists in the Graphics Device Interface (GDI) due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to circumvent the Address Space Layout Randomization (ASLR) feature and disclose sensitive memory information. (CVE-2016-3354)
- An elevation of privilege vulnerability exists in the Graphics Device Interface (GDI) due to improper handling of objects in memory. An authenticated, remote attacker can exploit this to run arbitrary code in kernel mode. (CVE-2016-3355)
- An unspecified flaw exists in the Graphics Device Interface (GDI) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a malicious document, to execute arbitrary code in the context of the current user. (CVE-2016-3356)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/09/13, Modification date: 2017/03/21
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18439
93470 - MS16-111: Security Update for Windows Kernel (3186973)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist due to improper handling of session objects. A local attacker can exploit these, via a specially crafted application, to hijack the session of another user. (CVE-2016-3305, CVE-2016-3306)
- A flaw exists in the Windows Kernel API due to improper enforcement of permissions. A local attacker can exploit this, via a specially crafted application, to elevate privileges and thereby disclose potentially sensitive information. (CVE-2016-3371)
- An elevation of privilege vulnerability exists in the Windows Kernel API due to improper enforcement of permissions. A local attacker can exploit this, via a specially crafted application, to impersonate processes, interject cross-process communication, or interrupt system functionality. (CVE-2016-3372)
- A flaw exists in the Windows Kernel API due to improperly allowing access to sensitive registry information. A local attacker can exploit this, via a specially crafted application, to elevate privileges and thereby gain access to user account information. (CVE-2016-3373)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Exploitable with
CANVAS (true)
Plugin Information:
Publication date: 2016/09/13, Modification date: 2017/03/21
Ports
tcp/445
- C:\Windows\system32\ntoskrnl.exe has not been patched. Remote version : 6.3.9600.18202 Should be : 6.3.9600.18438
93471 - MS16-112: Security Update for Windows Lock Screen (3178469)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability due to improperly allowing web content to load from the Windows lock screen. A local attacker can exploit this, by connecting to a maliciously configured WiFi hotspot or by inserting a mobile broadband adapter, to elevate privileges and execute arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
6.8 (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/09/13, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\pnidui.dll has not been patched. Remote version : 6.3.9600.17415 Should be : 6.3.9600.18434
93473 - MS16-114: Security Update for Windows SMBv1 Server (3185879)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the Microsoft Server Message Block 1.0 (SMBv1) Server due to improper handling of certain requests. An authenticated, remote attacker can exploit this, via specially crafted packets, to cause a denial of service condition or the execution of arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/09/13, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\drivers\srv.sys has not been patched. Remote version : 6.3.9600.17238 Should be : 6.3.9600.18432
93481 - MS16-107: Security Update for Microsoft Office (3185852)
Synopsis
An application installed on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the Click-to-Run (C2R) components due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to obtain sensitive information and thereby bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2016-0137)
- An information disclosure vulnerability exists due to Visual Basic macros improperly exporting a user's private key from the certificate store while saving a document. An unauthenticated, remote attacker can exploit this, by convincing a user to provide the saved document, to gain access to the user's private key. (CVE-2016-0141)
- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to improper handling of objects in memory. A remote attacker can exploit these, by convincing a user to open a specially crafted Office file, to execute arbitrary code in the context of the current user. (CVE-2016-3357, CVE-2016-3358, CVE-2016-3359, CVE-2016-3360, CVE-2016-3361, CVE-2016-3362, CVE-2016-3363, CVE-2016-3364, CVE-2016-3365, CVE-2016-3381)
- A spoofing vulnerability exists in Microsoft Outlook due to a failure to conform to RFC2046 and properly identify the end of a MIME attachment. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted email attachment, to cause antivirus or antispam security features to fail. (CVE-2016-3366)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016; Microsoft PowerPoint 2007, 2010, 2013, and 2013 RT; Microsoft Outlook 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Visio 2016; Office Compatibility Pack; Excel Viewer; PowerPoint Viewer; Word Viewer; Microsoft SharePoint Server 2007, 2010, and 2013; Office Web Apps 2010 and 2013; and Office Online Server.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/09/14, Modification date: 2016/12/09
Ports
tcp/445
Product : Excel 2016
- C:\Program Files (x86)\Microsoft Office\Office16\Excel.exe has not been patched.
  Remote version : 16.0.4266.1001
  Fixed version : 16.0.7070.2058
Product : Outlook 2016
- C:\Program Files (x86)\Microsoft Office\Office16\Outlook.exe has not been patched.
  Remote version : 16.0.4266.1001
  Fixed version : 16.0.7070.2058
93651 - MS16-116: Security Update in OLE Automation for VBScript Scripting Engine (3188724)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the Microsoft OLE Automation mechanism and the VBScript Scripting Engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. Note that MS16-104 must also be installed in order to fully resolve the vulnerability.
See Also
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/09/22, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\Oleaut32.dll has not been patched.
  Remote version : 6.3.9600.17415
  Should be : 6.3.9600.18434
94011 - MS16-118: Cumulative Security Update for Internet Explorer (3192887)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3192887. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11. Note that security update 3193515 in MS16-126 must also be installed in order to fully resolve CVE-2016-3298 on Windows Vista and Windows Server 2008.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/10/12, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3192392
- 3185331
C:\Windows\System32\Gdiplus.dll has not been patched.
  Remote version : 6.3.9600.18123
  Should be : 6.3.9600.18468
94012 - MS16-123: Security Update for Windows Kernel-Mode Drivers (3192892)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2016-3266, CVE-2016-3376, CVE-2016-7185, CVE-2016-7191)
- An elevation of privilege vulnerability exists in Windows Transaction Manager due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute processes in an elevated context. (CVE-2016-3341)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/10/12, Modification date: 2017/03/13
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3192392
- 3185331
C:\Windows\System32\Gdiplus.dll has not been patched.
  Remote version : 6.3.9600.18123
  Should be : 6.3.9600.18468
94016 - MS16-121: Security Update for Microsoft Office (3194063)
Synopsis
An application installed on the remote host is affected by a remote code execution vulnerability.
Description
The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability due to improper handling of RTF files. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Office Compatibility Pack; Microsoft Word Viewer; Microsoft SharePoint Server 2010 and 2013; Microsoft Office Web Apps 2010 and 2013; and Office Online Server.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/10/12, Modification date: 2016/12/09
Ports
tcp/445
Product : Word 2016
- C:\Program Files (x86)\Microsoft Office\Office16\WinWord.exe has not been patched.
  Remote version : 16.0.4266.1001
  Fixed version : 16.0.7369.2038
94017 - MS16-120: Security Update for Microsoft Graphics Component (3192884)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple information disclosure vulnerabilities exist in the Windows GDI component due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to predict memory offsets in a call stack and bypass the Address Space Layout Randomization (ASLR) feature, resulting in the disclosure of memory contents. (CVE-2016-3209, CVE-2016-3262, CVE-2016-3263)
- An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this to elevate privileges and execute code in kernel mode. (CVE-2016-3270)
- A remote code execution vulnerability exists in the Windows GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-3393)
- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded fonts. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-3396)
- An elevation of privilege vulnerability exists in the Windows GDI component due to improper handling of objects in memory. A local attacker can exploit this to elevate privileges and execute code in kernel mode. (CVE-2016-7182)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013, Live Meeting 2007 Console, .NET Framework 3.0 SP2, .NET Framework 3.5, .NET Framework 3.5.1, .NET Framework 4.5.2, .NET Framework 4.6, and Silverlight 5.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/10/12, Modification date: 2017/02/28
Ports
tcp/445
- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll has not been patched.
  Remote version : 3.0.6920.8010
  Should be : 3.0.6920.8720
Product : Skype for Business 2016
- C:\Program Files (x86)\Microsoft Office\Office16\Lync.exe has not been patched.
  Remote version : 16.0.4266.1001
  Should be : 16.0.7369.2038
The remote host is missing one of the following rollup KBs :
- 3192392
- 3185331
C:\Windows\System32\Gdiplus.dll has not been patched.
  Remote version : 6.3.9600.18123
  Should be : 6.3.9600.18468
94138 - Oracle Java SE Multiple Vulnerabilities (October 2016 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 111, 7 Update 121, or 6 Update 131. It is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5542)
- An unspecified flaw exists in the JMX subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5554)
- An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5556)
- An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5568)
- Multiple unspecified flaws exist in the Hotspot subcomponent that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5573, CVE-2016-5582)
- An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5597)
See Also
Solution
Upgrade to Oracle JDK / JRE 8 Update 111 / 7 Update 121 / 6 Update 131 or later. If necessary, remove any affected versions. Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.6 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/10/19, Modification date: 2017/02/08
Ports
tcp/445
The following vulnerable instance of Java is installed on the remote host :
  Path : C:\Program Files (x86)\Java\jre1.8.0_73
  Installed version : 1.8.0_73
  Fixed version : 1.6.0_131 / 1.7.0_121 / 1.8.0_111
94201 - Oracle Database Multiple Vulnerabilities (October 2016 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle Database Server is missing the October 2016 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists in the RDBMS Security and SQL*Plus component that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-3562)
- An unspecified flaw exists in the RDBMS Security component that allows a local attacker to gain elevated privileges. (CVE-2016-5497)
- Multiple unspecified flaws exist in the RDBMS Security component that allow a local attacker to disclose sensitive information. (CVE-2016-5498, CVE-2016-5499)
- An unspecified flaw exists in the RDBMS Programmable Interface component that allows a local attacker to disclose sensitive information. (CVE-2016-5505)
- An unspecified flaw exists in the Kernel PDB component that allows a local attacker to cause a denial of service condition. (CVE-2016-5516)
- An unspecified flaw exists in the OJVM component that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2016-5555)
- An unspecified flaw exists in the Kernel PDB component that allows a local attacker to gain elevated privileges. (CVE-2016-5572)
See Also
Solution
Apply the appropriate patch according to the October 2016 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
9.1 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/10/21, Modification date: 2017/01/23
Ports
tcp/445
The following vulnerable instance of Oracle Database is installed on the remote host :
  Ohome : c:\oracle\product\12.1.0\dbhome_1
  Missing DB Patches : 24591642
  Missing OJVM Patches : 24591630
94631 - MS16-130: Security Update for Microsoft Windows (3199172)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update or security rollup. It is, therefore, affected by the following vulnerabilities :
- A remote code execution vulnerability exists in the Windows image file handling functionality due to improper handling of image files. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a specially crafted image file from a web page or email message, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7212)
- An elevation of privilege vulnerability exists in Windows Input Method Editor (IME) due to improper loading of DLL files. A local attacker can exploit this, via a specially crafted application, to elevate privileges. (CVE-2016-7221)
- An elevation of privilege vulnerability exists in Windows Task Scheduler due to improper handling of UNC paths. An authenticated, remote attacker can exploit this vulnerability by scheduling a new task with a specially crafted UNC path, resulting in the execution of arbitrary code with elevated system privileges. (CVE-2016-7222)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3197873
- 3197874
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18524
94633 - MS16-132: Security Update for Microsoft Graphics Component (3199120)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- A remote code execution vulnerability exists in the Windows Animation Manager due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7205)
- An information disclosure vulnerability exists in the ATMFD component due to improper handling of Open Type fonts. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the disclosure of sensitive information. (CVE-2016-7210)
- A remote code execution vulnerability exists in the Windows Media Foundation due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7217)
- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded Open Type fonts. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7256)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3197873
- 3197874
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18524
94634 - MS16-133: Security Update for Microsoft Office (3199168)
Synopsis
An application installed on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these by convincing a user to visit a specially crafted website or open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7213, CVE-2016-7228, CVE-2016-7229, CVE-2016-7230, CVE-2016-7231, CVE-2016-7232, CVE-2016-7234, CVE-2016-7235, CVE-2016-7236, CVE-2016-7245)
- An information disclosure vulnerability exists due to an out-of-bounds read error caused by an uninitialized variable. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted Office file, resulting in the disclosure of memory contents. (CVE-2016-7233)
- A denial of service vulnerability exists due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted file, resulting in a crash of the application. (CVE-2016-7244)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016; Microsoft PowerPoint 2010; Microsoft Word 2007, 2010, 2013, and 2013 RT; Office Compatibility Pack; Excel Viewer; PowerPoint Viewer; Word Viewer; Microsoft SharePoint Server 2010 and 2013; and Office Web Apps 2010 and 2013.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/09
Ports
tcp/445
Product : Excel 2016
- C:\Program Files (x86)\Microsoft Office\Office16\Excel.exe has not been patched.
  Remote version : 16.0.4266.1001
  Fixed version : 16.0.7369.2055
94635 - MS16-134: Security Update for Common Log File System Driver (3193706)
Synopsis
The remote host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities in the Windows Common Log File System (CLFS) driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/19
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3197873
- 3197874
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18524
94636 - MS16-135: Security Update for Windows Kernel-Mode Drivers (3199135)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the Windows kernel that allows a local attacker, via a specially crafted application, to bypass the Address Space Layout Randomization (ASLR) feature and retrieve the memory address of a kernel object. (CVE-2016-7214)
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2016-7215, CVE-2016-7246, CVE-2016-7255)
- An information disclosure vulnerability exists in the bowser.sys kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2016-7218)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:X)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:ND)
STIG Severity
II
References
Exploitable with
CANVAS (true)
Core Impact (true)
Plugin Information:
Publication date: 2016/11/08, Modification date: 2017/03/21
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3197873
- 3197874
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18524
94638 - MS16-137: Security Update for Windows Authentication Methods (3199173)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in Windows Virtual Secure Mode due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2016-7220)
- A denial of service vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when handling specially crafted requests. An authenticated, remote attacker can exploit this to cause the host to become non-responsive. (CVE-2016-7237)
- An elevation of privilege vulnerability exists due to improper handling of NTLM password change requests. An authenticated, remote attacker can exploit this, via a specially crafted application, to gain administrative privileges. (CVE-2016-7238)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:C)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/11/08, Modification date: 2017/03/08
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3197873
- 3197874
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18524
94639 - MS16-138: Security Update for Microsoft Virtual Hard Disk Driver (3199647)
Synopsis
The remote host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities in the Windows Virtual Hard Disk Driver due to improper handling of user access to certain files. A local attacker can exploit these, via a specially crafted application, to manipulate files not intended to be available to the user.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3197873
- 3197874
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18524
94641 - MS16-140: Security Update for Boot Manager (3193479)
Synopsis
The remote host is affected by a security bypass vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3197873
- 3197874
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18524
94643 - MS16-142: Cumulative Security Update for Internet Explorer (3198467)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3198467. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/19
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3197873
- 3197874
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18524
95764 - MS16-144: Cumulative Security Update for Internet Explorer (3204059)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3204059. It is, therefore, affected by multiple vulnerabilities, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11. Note that security update 3208481 in MS16-144 must also be installed in order to fully resolve CVE-2016-7278 on Windows Vista and Windows Server 2008.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/12/13, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3205400
- 3205401
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18533
95765 - MS16-146: Security Update for Microsoft Graphics Component (3204066)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- An information disclosure vulnerability exists in the Windows GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted document file, to disclose the contents of memory. (CVE-2016-7257)
- Multiple remote code execution vulnerabilities exist in the Windows Graphics Component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted document file, to execute arbitrary code in the context of the current user. (CVE-2016-7272, CVE-2016-7273)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/12/13, Modification date: 2016/12/19
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3205400 - 3205401 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18533
95766 - MS16-147: Security Update for Microsoft Uniscribe (3204063)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in Windows Uniscribe due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/12/13, Modification date: 2016/12/19
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3205400 - 3205401 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18533
95768 - MS16-151: Security Update for Windows Kernel-Mode Drivers (3205651)
Synopsis
The remote host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities:
- An elevation of privilege vulnerability exists in the Windows Graphics Component due to improper handling of objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2016-7259)
- An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2016-7260)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/12/13, Modification date: 2017/01/18
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3205400 - 3205401 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18533
95811 - MS16-148: Security Update for Microsoft Office (3204068)
Synopsis
An application installed on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft Office application or Microsoft Office Services and Web Apps installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- An arbitrary command execution vulnerability exists in Microsoft Office due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted Office file, resulting in a bypass of security restrictions and the execution of arbitrary commands. (CVE-2016-7262)
- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to a failure to properly handle objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7263, CVE-2016-7277, CVE-2016-7289, CVE-2016-7298)
- Multiple information disclosure vulnerabilities exist in Microsoft Office software due to an out-of-bounds memory read error. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the disclosure of memory contents. (CVE-2016-7264, CVE-2016-7265, CVE-2016-7268, CVE-2016-7276, CVE-2016-7290, CVE-2016-7291)
- An arbitrary command execution vulnerability exists in Microsoft Office due to improper validation of registry settings when running embedded content. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted document file multiple times, resulting in a bypass of security restrictions and the execution of arbitrary commands. (CVE-2016-7266)
- A security bypass vulnerability exists in Microsoft Office due to improper parsing of file formats. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted Office file, resulting in a bypass of security restrictions. (CVE-2016-7267)
- An elevation of privilege vulnerability exists in Microsoft Office due to improper validation before loading libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2016-7275)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010; Microsoft Publisher 2010 Office Compatibility Pack; Excel Viewer; Word Viewer; Microsoft SharePoint Server 2007 and 2010; and Office Web Apps 2010.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/12/14, Modification date: 2016/12/19
Ports
tcp/445
Product : Excel 2016 - C:\Program Files (x86)\Microsoft Office\Office16\Excel.exe has not been patched. Remote version : 16.0.4266.1001 Fixed version : 16.0.7571.2075
95813 - MS16-149: Security Update for Microsoft Windows (3205655)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- An information disclosure vulnerability exists in a Windows Crypto driver running in kernel mode due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2016-7219)
- An elevation of privilege vulnerability exists in the Windows installer due to improper sanitization of input, leading to insecure library loading behavior. A local attacker can exploit this to run arbitrary code with elevated system privileges. (CVE-2016-7292)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/12/14, Modification date: 2017/01/11
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3205400 - 3205401 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18533
96391 - MS17-002: Security Update for Microsoft Office (3214291)
Synopsis
An application installed on the remote host is affected by a remote code execution vulnerability.
Description
The version of Microsoft Word or Microsoft SharePoint Server installed on the remote Windows host is missing a security update. It is, therefore, affected by a memory corruption issue due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office file, to execute arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Microsoft Word 2016 and SharePoint Server 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
| CVE | CVE-2017-0003 |
| XREF | OSVDB:149885 |
| XREF | MSFT:MS17-002 |
| XREF | IAVA:2017-A-0009 |
Plugin Information:
Publication date: 2017/01/10, Modification date: 2017/01/16
Ports
tcp/445
Product : Word 2016 - C:\Program Files (x86)\Microsoft Office\Office16\WinWord.exe has not been patched. Remote version : 16.0.4266.1001 Fixed version : 16.0.7571.2109
96611 - Oracle Database Multiple Vulnerabilities (January 2017 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The remote Oracle Database Server is missing the January 2017 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities:
- An unspecified flaw exists in the OJVM component that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2017-3310)
- An unspecified flaw exists in the RDBMS Security component that allows a local attacker to disclose potentially sensitive information. (CVE-2017-3240)
See Also
Solution
Apply the appropriate patch according to the January 2017 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
CVSS Base Score
8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2017/01/18, Modification date: 2017/02/08
Ports
tcp/445
The following vulnerable instance of Oracle Database is installed on the remote host : Ohome : c:\oracle\product\12.1.0\dbhome_1 Missing DB Patches : 25115951 Missing OJVM Patches : 25112498
96628 - Oracle Java SE Multiple Vulnerabilities (January 2017 CPU) (SWEET32)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 121, 7 Update 131, or 6 Update 141. It is, therefore, affected by multiple vulnerabilities:
- A vulnerability exists in the Libraries subcomponent, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session. (CVE-2016-2183)
- An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5546)
- An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-5547)
- Multiple unspecified flaws exist in the Libraries subcomponent that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5548, CVE-2016-5549)
- An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5552)
- An unspecified flaw exists in the Mission Control subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-8328)
- Multiple unspecified flaws exist in the Networking subcomponent that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3231, CVE-2017-3261)
- An unspecified flaw exists in the RMI subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3241)
- An unspecified flaw exists in the JAAS subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2017-3252)
- An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3253)
- An unspecified flaw exists in the Deployment subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3259)
- An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3260)
- An unspecified flaw exists in the Java Mission Control subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3262)
- An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3272)
- An unspecified flaw exists in the Hotspot subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3289)
Note that CVE-2017-3241 can only be exploited by supplying data to APIs in the specified component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service.
Note that CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, and CVE-2017-3253 can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. They can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
See Also
Solution
Upgrade to Oracle JDK / JRE 8 Update 121 / 7 Update 131 / 6 Update 141 or later. If necessary, remove any affected versions. Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2017/01/19, Modification date: 2017/01/23
Ports
tcp/445
The following vulnerable instance of Java is installed on the remote host : Path : C:\Program Files (x86)\Java\jre1.8.0_73 Installed version : 1.8.0_73 Fixed version : 1.6.0_141 / 1.7.0_131 / 1.8.0_121
97729 - MS17-006: Cumulative Security Update for Internet Explorer (4013073)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 4013073. It is, therefore, affected by multiple vulnerabilities, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11. Note that security update 3218362 in MS17-006 must also be installed in order to fully resolve CVE-2017-0008 on Windows Vista and Windows Server 2008.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/14, Modification date: 2017/03/21
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 4012204 - 4012216 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18603
97731 - MS17-009: Security Update for Microsoft Windows PDF Library (4010319)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the Windows PDF Library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability, by convincing a user to open a specially crafted PDF file or visit a website containing specially crafted PDF content, to execute arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/14, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 4012213 - 4012216 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18603
97732 - MS17-011: Security Update for Microsoft Uniscribe (4013076)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- Multiple remote code execution vulnerabilities exist in Windows Uniscribe due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these to execute arbitrary code by convincing a user to view a specially crafted website or open a specially crafted document file. (CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, CVE-2017-0090)
- Multiple information disclosure vulnerabilities exist in Windows Uniscribe that allow an unauthenticated, remote attacker to gain access to sensitive information by convincing a user to view a specially crafted website or open a specially crafted document file. (CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, CVE-2017-0128)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/14, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 4012213 - 4012216 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18603
97733 - MS17-017: Security Update for Windows Kernel (4013081)
Synopsis
The remote Windows host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities:
- An elevation of privilege vulnerability exists in the Windows Kernel API due to improper enforcement of permissions. A local attacker can exploit this, via a specially crafted application, to run processes in an elevated context. (CVE-2017-0050)
- An elevation of privilege vulnerability exists in the Windows Transaction Manager due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run processes in an elevated context. (CVE-2017-0101)
- An elevation of privilege vulnerability exists due to a failure to check the length of a buffer prior to copying memory. A local attacker can exploit this, by copying a file to a shared folder or drive, to gain elevated privileges. (CVE-2017-0102)
- An elevation of privilege vulnerability exists in the Windows Kernel API due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0103)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/14, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 4012213 - 4012216 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18603
97738 - MS17-018: Security Update for Windows Kernel-Mode Drivers (4013083)
Synopsis
The remote Windows host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 4012213 - 4012216 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18603
97740 - MS17-014: Security Update for Microsoft Office (4013241)
Synopsis
An application installed on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft Office application, Office Web Apps, or SharePoint Server installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to open a specially crafted document file, to execute arbitrary code in the context of the current user. (CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, CVE-2017-0053)
- An information disclosure vulnerability exists in Microsoft Office due to improper disclosure of memory contents. An unauthenticated, remote attacker can exploit this to disclose sensitive system memory information by convincing a user to open a specially crafted document file. (CVE-2017-0027)
- A denial of service vulnerability exists in Microsoft Office that allows an unauthenticated, remote attacker to cause Office to stop responding by convincing a user to open a specially crafted document file. (CVE-2017-0029)
- An out-of-bounds read error exists in Microsoft Office due to an uninitialized variable. A local attacker can exploit this to disclose memory contents by opening a specially crafted document file. (CVE-2017-0105)
- A cross-site scripting (XSS) vulnerability exists in Microsoft SharePoint Server due to improper validation of input before returning it to users. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-0107)
See Also
Solution
Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, and 2016; Microsoft Excel 2007, 2010, 2013, and 2016; Microsoft Word 2007, 2010, 2013, and 2016; Microsoft Office Compatibility Pack; Microsoft Excel Viewer; Microsoft Word Viewer; Microsoft SharePoint Server 2007, 2010, and 2013; Microsoft SharePoint Foundation 2013; and Microsoft Office Web Apps Server 2010 and 2013.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
Product : Excel 2016 - C:\Program Files (x86)\Microsoft Office\Office16\Excel.exe has not been patched. Remote version : 16.0.4266.1001 Fixed version : 16.0.7870.2024 Product : Word 2016 - C:\Program Files (x86)\Microsoft Office\Office16\WinWord.exe has not been patched. Remote version : 16.0.4266.1001 Fixed version : 16.0.7870.2024
97794 - MS17-013: Security Update for Microsoft Graphics Component (4013075)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- Multiple elevation of privilege vulnerabilities exist in the Windows Graphics Device Interface (GDI) component due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2017-0001, CVE-2017-0005, CVE-2017-0025, CVE-2017-0047)
- Multiple remote code execution vulnerabilities exist in the Windows Graphics component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted web page or open a specially crafted document, to execute arbitrary code. (CVE-2017-0014, CVE-2017-0108)
- An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page or open a specially crafted document, to disclose the contents of memory. (CVE-2017-0038)
- Multiple information disclosure vulnerabilities exist in the Windows Graphics Device Interface (GDI) component due to improper handling of memory addresses. A local attacker can exploit these vulnerabilities, via a specially crafted application, to disclose sensitive information. (CVE-2017-0060, CVE-2017-0062, CVE-2017-0073)
- Multiple information disclosure vulnerabilities exist in the Color Management Module (ICM32.dll) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to disclose sensitive information and bypass usermode Address Space Layout Randomization (ASLR). (CVE-2017-0061, CVE-2017-0063)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013, Live Meeting 2007 Console, and Silverlight 5.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/17, Modification date: 2017/03/22
Ports
tcp/445
Product : Skype for Business 2016 - C:\Program Files (x86)\Microsoft Office\Office16\Lync.exe has not been patched. Remote version : 16.0.4266.1001 Should be : 16.0.4510.1000 The remote host is missing one of the following rollup KBs : - 4012213 - 4012216 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.18228 Should be : 6.3.9600.18603
63155 - Microsoft Windows Unquoted Service Path Enumeration
Synopsis
The remote Windows host has at least one service installed that uses an unquoted service path.
Description
The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service. Note that this is a generic test that will flag any application affected by the described vulnerability.
See Also
Solution
Ensure that any services that contain a space in the path enclose the path in quotes.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:F/RL:X/RC:X)
CVSS Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.6 (CVSS2#E:F/RL:ND/RC:ND)
References
Exploitable with
Metasploit (true)
Plugin Information:
Publication date: 2012/12/05, Modification date: 2017/03/28
Ports
tcp/445
Nessus found the following service with an untrusted path : NmxAppLogService : C:\Program Files (x86)\ABB\NMBase\bin\NmxAppLogService.exe

78447 - MS KB3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure (POODLE)
Synopsis
The remote host is affected by a remote information disclosure vulnerability.
Description
The remote host is missing one of the workarounds referenced in the Microsoft Security Advisory 3009008. If the client registry key workaround has not been applied, any client software installed on the remote host (including IE) is affected by an information disclosure vulnerability when using SSL 3.0. If the server registry key workaround has not been applied, any server software installed on the remote host (including IIS) is affected by an information disclosure vulnerability when using SSL 3.0. SSL 3.0 uses nondeterministic CBC padding, which allows a man-in-the-middle attacker to decrypt portions of encrypted traffic using a 'padding oracle' attack. This is also known as the 'POODLE' issue.
See Also
Solution
Apply the client registry key workaround and the server registry key workaround suggested by Microsoft in the advisory.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.1 (CVSS2#E:U/RL:TF/RC:UR)
References
Plugin Information:
Publication date: 2014/10/15, Modification date: 2016/08/30
Ports
tcp/445
The workaround to disable SSL 3.0 for all server software installed on the remote host has not been applied.
The workaround to disable SSL 3.0 for all client software installed on the remote host has not been applied.
The following users on the remote host have vulnerable IE settings :
S-1-5-21-2770019732-1922860174-1796585773-1105 (SSLv3 Enabled)
S-1-5-21-2770019732-1922860174-1796585773-1142 (SSLv3 Enabled)

86849 - MS15-123: Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872)
Synopsis
The remote host is affected by a cross-site scripting vulnerability.
Description
The remote Windows host is affected by a cross-site scripting (XSS) vulnerability in Skype for Business and Lync clients due to improper sanitization of message content before returning it to the user. A remote attacker can exploit this, using specially crafted JavaScript, to execute arbitrary script and HTML in the user's context, resulting in the possible disclosure of sensitive information or other actions.
See Also
Solution
Microsoft has released a set of patches for Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013, Skype for Business 2016, Skype for Business Basic 2016, and Lync Room System.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
Plugin Information:
Publication date: 2015/11/11, Modification date: 2016/07/06
Ports
tcp/445
Product : Skype for Business 2016
- C:\Program Files (x86)\Microsoft Office\Office16\Lync.exe has not been patched.
  Remote version : 16.0.4266.1001
  Should be : 16.0.6001.1038

90440 - MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept communications between a client and a server hosting a SAM database can exploit this to force the authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the SAM database.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
| BID | 86002 |
| CVE | CVE-2016-0128 |
| XREF | OSVDB:136339 |
| XREF | MSFT:MS16-047 |
| XREF | CERT:813296 |
| XREF | IAVA:2016-A-0093 |
Plugin Information:
Publication date: 2016/04/12, Modification date: 2016/07/19
Ports
tcp/445
- C:\Windows\system32\lsasrv.dll has not been patched.
  Remote version : 6.3.9600.18154
  Should be : 6.3.9600.18267

91014 - MS16-065: Security Update for .NET Framework (3156757)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in the .NET Framework encryption component. A man-in-the-middle attacker can exploit this vulnerability by injecting unencrypted data into the secure channel between a targeted client and a legitimate server, allowing the attacker to decrypt encrypted SSL/TLS traffic.
See Also
Solution
Microsoft has released a set of patches for Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1.
Risk Factor
Medium
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.dll has not been patched.
  Remote version : 2.0.50727.8009
  Should be : 2.0.50727.8686
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.dll has not been patched.
  Remote version : 4.6.1055.0
  Should be : 4.6.1075.0

91016 - MS16-067: Security Update for Volume Manager Driver (3155784)
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability due to a failure to correctly tie the session of the mounting user to the USB disk being mounted. This issue occurs when the USB disk is mounted over the Remote Desktop Protocol (RDP) via RemoteFX. An attacker can exploit this to access the file and directory information on the mounted USB disk.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\drivers\volmgr.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18302

91045 - MS KB3155527: Update to Cipher Suites for FalseStart
Synopsis
The remote Windows host is affected by a cipher downgrade vulnerability.
Description
The remote Windows host is affected by a cipher downgrade vulnerability in FalseStart due to allowing TLS clients to send application data before receiving and verifying the server 'Finished' message. A man-in-the-middle attacker can exploit this to force a TLS client to encrypt the first flight of application_data records using an attacker's chosen cipher suite from the client's list.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Plugin Information:
Publication date: 2016/05/11, Modification date: 2016/05/11
Ports
tcp/445
- C:\Windows\system32\schannel.dll has not been patched.
  Remote version : 6.3.9600.18154
  Should be : 6.3.9600.18298

91609 - MS16-082: Security Update for Microsoft Windows Search Component (3165270)
Synopsis
The remote host is affected by a denial of service vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a flaw in the Windows Search component due to improper handling of objects in memory. An authenticated attacker can exploit this to degrade server performance, resulting in a denial of service condition.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score
3.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\structuredquery.dll has not been patched.
  Remote version : 7.0.9600.17415
  Should be : 7.0.9600.18334

92022 - MS16-091: Security Update for .NET Framework (3170048)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in .NET Framework due to improper processing of XML input containing a reference to an external entity. An unauthenticated, remote attacker can exploit this, via specially crafted XML data, to read arbitrary files.
See Also
Solution
Microsoft has released a set of patches for Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/07/12, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.data.dll has not been patched.
  Remote version : 2.0.50727.8007
  Should be : 2.0.50727.8692
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.data.dll has not been patched.
  Remote version : 4.6.1055.0
  Should be : 4.6.1082.0

93474 - MS16-115: Security Update for Microsoft Windows PDF Library (3188733)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple information disclosure vulnerabilities in the Windows PDF Library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability, by convincing a user to open a specially crafted PDF file or visit a website containing specially crafted PDF content, to disclose sensitive information from memory.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS v3.0 Base Score
4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
3.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.4 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/09/13, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\windows.data.pdf.dll has not been patched.
  Remote version : 6.3.9600.18229
  Should be : 6.3.9600.18454

97736 - MS17-021: Security Update for Windows DirectShow (4010318)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in Windows DirectShow due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted media content, to disclose sensitive information.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016. Note that the Microsoft Bulletin contains contradictory information regarding the Windows 2012 Security Only Update and the Windows 2012 Monthly Rollup Update. These updates may not resolve the vulnerability. Please contact Microsoft for clarification if you are running Windows 2012.
Risk Factor
Medium
CVSS v3.0 Base Score
4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
| CVE | CVE-2017-0042 |
| XREF | OSVDB:153672 |
| XREF | MSFT:MS17-021 |
| XREF | IAVB:2017-B-0031 |
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012213
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18603

97741 - MS17-016: Security Update for Windows IIS (4013074)
Synopsis
The remote Windows host is affected by a cross-site scripting vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Medium
CVSS v3.0 Base Score
4.7 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012213
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18603

97742 - MS17-022: Security Update for Microsoft XML Core Services (4010321)
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote Windows host is affected by an information disclosure vulnerability in Microsoft XML Core Services (MSXML) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability, by convincing a user to visit a specially crafted website, to test for the presence of files on disk.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Medium
CVSS v3.0 Base Score
4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012213
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18603

11457 - Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
Synopsis
User credentials are stored in memory.
Description
The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\CachedLogonsCount' is non-NULL. Using a non-NULL value for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC).
See Also
Solution
Use regedt32 and set the value of this registry key to 0.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2003/03/24, Modification date: 2016/06/24
Ports
tcp/445
Max cached logons : 10

94013 - MS16-124: Security Update for Windows Registry (3193227)
Synopsis
The remote host is affected by multiple information disclosure vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple information disclosure vulnerabilities in the kernel API that allow a local attacker, via a specially crafted application, to disclose sensitive registry information.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Low
CVSS v3.0 Base Score
3.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVSS Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
1.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/10/12, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3185331
- 3192392
C:\Windows\System32\Gdiplus.dll has not been patched.
  Remote version : 6.3.9600.18123
  Should be : 6.3.9600.18468

95770 - MS16-153: Security Update for Common Log File System Driver (3207328)
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in the Windows Common Log File System (CLFS) due to improper handling of objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to bypass security measures and disclose sensitive information.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Low
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
1.6 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/12/13, Modification date: 2016/12/19
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3205400
- 3205401
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.18228
  Should be : 6.3.9600.18533

10394 - Microsoft Windows SMB Log In Possible
Synopsis
It was possible to log into the remote host.
Description
The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts :
- NULL session
- Guest account
- Supplied credentials
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/05/09, Modification date: 2017/01/19
Ports
tcp/445
- The SMB tests will be done as Administrator/******

10395 - Microsoft Windows SMB Shares Enumeration
Synopsis
It is possible to enumerate remote network shares.
Description
By connecting to the remote host, Nessus was able to enumerate the network share names.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/05/09, Modification date: 2015/01/12
Ports
tcp/445
Here are the SMB shares available on the remote host when logged in as Administrator:
- ADMIN$
- C$
- IPC$
- nm_files

10396 - Microsoft Windows SMB Shares Access
Synopsis
It is possible to access a network share.
Description
The remote host has one or more Windows shares that can be accessed through the network with the given credentials. Depending on the share rights, it may allow an attacker to read / write confidential data.
Solution
To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click on 'permissions'.
Risk Factor
None
References
Plugin Information:
Publication date: 2000/05/09, Modification date: 2015/11/18
Ports
tcp/445
The following shares can be accessed as Administrator : - nm_files - (readable,writable) + Content of this share : .. cim de public scada - C$ - (readable,writable) + Content of this share : .rnd ABB AlarmColorDefinitions.xml autobuild_temp Boot bootmgr BOOTNXT BOOTSECT.BAK Data Documents and Settings MSOCache nm_files oracle oradev6i pagefile.sys Pcu400 Program Files Program Files (x86) ProgramData proj_default_indicators.xml Recovery spide System Volume Information Temp Users Windows - ADMIN$ - (readable,writable) + Content of this share : .. $Reconfig$ ADFS AppCompat apppatch AppReadiness assembly bfsvc.exe Boot bootstat.dat Branding CbsTemp Cursors debug DesktopTileResources diagerr.xml diagnostics diagwrn.xml DigitalLocker Downloaded Program Files drivers DtcInstall.log ELAMBKUP en-US explorer.exe Fonts Globalization Help HelpPane.exe hh.exe IME ImmersiveControlPanel Inf InputMethod Installer krb.con krb5.ini krb5.keytab krbrealm.con L2Schemas LiveKernelReports Logs media mib.bin Microsoft.NET ModemLogs Offline Web Pages Panther PCHEALTH PFRO.log PLA PolicyDefinitions Provisioning regedit.exe Registration RemotePackages rescache Resources SchCache schemas security ServerStandard.xml ServerWeb.xml ServiceProfiles servicing Setup setupact.log setuperr.log SHELLNEW SoftwareDistribution Speech splwow64.exe System system.ini System32 SystemResources SysWOW64 TAPI Tasks Temp ToastData tracing vmgcoinstall.log Vss Web win.ini WindowsShell.Manifest WindowsUpdate.log winhlp32.exe WinSxS write.exe

10398 - Microsoft Windows SMB LsaQueryInformationPolicy Function NULL Session Domain SID Enumeration
Synopsis
It was possible to obtain the domain SID.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the domain SID (Security Identifier). The domain SID can then be used to get the list of users of the domain.
Solution
n/a
Risk Factor
None
References
Plugin Information:
Publication date: 2000/05/09, Modification date: 2016/11/15
Ports
tcp/445
The remote domain SID value is : 1-5-21-2770019732-1922860174-1796585773

10399 - SMB Use Domain SID to Enumerate Users
Synopsis
Nessus was able to enumerate domain users.
Description
Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system.
Solution
n/a
Risk Factor
None
References
Plugin Information:
Publication date: 2000/05/09, Modification date: 2017/02/02
Ports
tcp/445
- Administrator (id 500, Administrator account) - krbtgt (id 502, Kerberos account) - Guest (id 501, Guest account) - BLDAD01$ (id 1001) - BLDDE01$ (id 1104) - de400$ (id 1105) - hisspd (id 1110) - netman (id 1111) - oracle (id 1112) - nmoper (id 1113) - nmuser (id 1114) - nmadmin (id 1115) - nmsbldad01$ (id 1116) - nmsbldde01$ (id 1117) - nmsNMSCADAbldas01$ (id 1118) - hostbldas01$ (id 1119) - nmsNMSCADAbldas02$ (id 1120) - hostbldas02$ (id 1121) - nmsORADBbldas01$ (id 1122) - nmsORADBbldas02$ (id 1123) - linux-ldap-user (id 1124) - ws500 (id 1125) - sadmin (id 1126) - operator1 (id 1127) - operator2 (id 1128) - operator3 (id 1129) - operator4 (id 1130) - operator5 (id 1131) - operator6 (id 1132) - operator7 (id 1133) - instructor (id 1134) - is500 (id 1135) - NmScadaFileUser (id 1136) - udwexplorer$ (id 1141) - pcu400$ (id 1142) Note that, in addition to the Administrator, Guest, and Kerberos accounts, Nessus has enumerated only those domain users with IDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for this plugin, then re-run the scan.

10400 - Microsoft Windows SMB Registry Remotely Accessible
Synopsis
Access the remote Windows Registry.
Description
It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/05/09, Modification date: 2015/01/12
Ports
tcp/445

10456 - Microsoft Windows SMB Service Enumeration
Synopsis
It is possible to enumerate remote services.
Description
This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host. An attacker may use this feature to gain better knowledge of the remote host.
Solution
To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only trusted users can access your host, and/or you should filter incoming traffic to this port.
Risk Factor
None
Plugin Information:
Publication date: 2000/07/03, Modification date: 2015/01/12
Ports
tcp/445
Active Services : ABB OPC Server Wrapper [ ABB NM OPC Wrapper ] Adobe Acrobat Update Service [ AdobeARMservice ] AppX Deployment Service (AppXSVC) [ AppXSvc ] Windows Audio Endpoint Builder [ AudioEndpointBuilder ] Windows Audio [ Audiosrv ] Base Filtering Engine [ BFE ] Background Intelligent Transfer Service [ BITS ] Background Tasks Infrastructure Service [ BrokerInfrastructure ] Certificate Propagation [ CertPropSvc ] COM+ System Application [ COMSysApp ] Cryptographic Services [ CryptSvc ] DCOM Server Process Launcher [ DcomLaunch ] DHCP Client [ Dhcp ] DNS Client [ Dnscache ] Diagnostic Policy Service [ DPS ] Windows Event Log [ EventLog ] COM+ Event System [ EventSystem ] Windows Font Cache Service [ FontCache ] Group Policy Client [ gpsvc ] IKE and AuthIP IPsec Keying Modules [ IKEEXT ] IP Helper [ iphlpsvc ] Server [ LanmanServer ] Workstation [ LanmanWorkstation ] TCP/IP NetBIOS Helper [ lmhosts ] Local Session Manager [ LSM ] Multimedia Class Scheduler [ MMCSS ] Windows Firewall [ MpsSvc ] Distributed Transaction Coordinator [ MSDTC ] Netlogon [ Netlogon ] Network List Service [ netprofm ] Network Location Awareness [ NlaSvc ] ABB NM Application Logger [ NmxAppLogService ] Network Store Interface Service [ nsi ] Network Time Protocol [ NTP ] OracleOraDB12Home1TNSListenerlist_MDB [ OracleOraDB12Home1TNSListenerlist_MDB ] OracleServiceMDB [ OracleServiceMDB ] OracleVssWriterMDB [ OracleVssWriterMDB ] ABB PCU400 Process Communication Unit [ PCU400 ] ABB PCU400 Monitoring [ PCU400InfoMonitoring ] Plug and Play [ PlugPlay ] IPsec Policy Agent [ PolicyAgent ] Power [ Power ] User Profile Service [ ProfSvc ] Remote Registry [ RemoteRegistry ] RPC Endpoint Mapper [ RpcEptMapper ] Remote Procedure Call (RPC) [ RpcSs ] Security Accounts Manager [ SamSs ] Task Scheduler [ Schedule ] System Event Notification Service [ SENS ] Remote Desktop Configuration [ SessionEnv ] Shell Hardware Detection [ ShellHWDetection ] Print Spooler [ Spooler ] System Events Broker [ 
SystemEventsBroker ] Remote Desktop Services [ TermService ] Themes [ Themes ] Apache Tomcat 7.0 Tomcat7 [ Tomcat7 ] Distributed Link Tracking Client [ TrkWks ] User Access Logging Service [ UALSVC ] Remote Desktop Services UserMode Port Redirector [ UmRdpService ] VMware Alias Manager and Ticket Service [ VGAuthService ] VMware Tools [ VMTools ] VMware Physical Disk Helper Service [ VMware Physical Disk Helper Service ] Windows Connection Manager [ Wcmsvc ] WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ] Windows Management Instrumentation [ Winmgmt ] Windows Remote Management (WS-Management) [ WinRM ] Inactive Services : Application Experience [ AeLookupSvc ] Application Layer Gateway Service [ ALG ] Application Identity [ AppIDSvc ] Application Information [ Appinfo ] Application Management [ AppMgmt ] App Readiness [ AppReadiness ] Computer Browser [ Browser ] Optimize drives [ defragsvc ] Device Association Service [ DeviceAssociationService ] Device Install Service [ DeviceInstall ] Wired AutoConfig [ dot3svc ] Device Setup Manager [ DsmSvc ] Extensible Authentication Protocol [ Eaphost ] Encrypting File System (EFS) [ EFS ] Function Discovery Provider Host [ fdPHost ] Function Discovery Resource Publication [ FDResPub ] Windows Presentation Foundation Font Cache 3.0.0.0 [ FontCache3.0.0.0 ] Human Interface Device Service [ hidserv ] Health Key and Certificate Management [ hkmsvc ] Internet Explorer ETW Collector Service [ IEEtwCollectorService ] CNG Key Isolation [ KeyIso ] KDC Proxy Server service (KPS) [ KPSSVC ] KtmRm for Distributed Transaction Coordinator [ KtmRm ] Link-Layer Topology Discovery Mapper [ lltdsvc ] Microsoft iSCSI Initiator Service [ MSiSCSI ] Windows Installer [ msiserver ] Network Access Protection Agent [ napagent ] Network Connectivity Assistant [ NcaSvc ] Network Connections [ Netman ] Net.Tcp Port Sharing Service [ NetTcpPortSharing ] OracleJobSchedulerMDB [ OracleJobSchedulerMDB ] OracleRemExecServiceV2 [ 
OracleRemExecServiceV2 ] Office Source Engine [ ose ] Performance Counter DLL Host [ PerfHost ] Performance Logs & Alerts [ pla ] Printer Extensions and Notifications [ PrintNotify ] Remote Access Auto Connection Manager [ RasAuto ] Remote Access Connection Manager [ RasMan ] Routing and Remote Access [ RemoteAccess ] Remote Procedure Call (RPC) Locator [ RpcLocator ] Resultant Set of Policy Provider [ RSoPProv ] Special Administration Console Helper [ sacsvr ] Smart Card [ SCardSvr ] Smart Card Device Enumeration Service [ ScDeviceEnum ] Smart Card Removal Policy [ SCPolicySvc ] Secondary Logon [ seclogon ] Internet Connection Sharing (ICS) [ SharedAccess ] Microsoft Storage Spaces SMP [ smphost ] SNMP Trap [ SNMPTRAP ] Software Protection [ sppsvc ] SSDP Discovery [ SSDPSRV ] Secure Socket Tunneling Protocol Service [ SstpSvc ] Spot Verifier [ svsvc ] Microsoft Software Shadow Copy Provider [ swprv ] Superfetch [ SysMain ] Telephony [ TapiSrv ] Thread Ordering Server [ THREADORDER ] Storage Tiers Management [ TieringEngineService ] TP AutoConnect Service [ TPAutoConnSvc ] TP VC Gateway Service [ TPVCGateway ] Windows Modules Installer [ TrustedInstaller ] Interactive Services Detection [ UI0Detect ] UPnP Device Host [ upnphost ] Credential Manager [ VaultSvc ] Virtual Disk [ vds ] Hyper-V Guest Service Interface [ vmicguestinterface ] Hyper-V Heartbeat Service [ vmicheartbeat ] Hyper-V Data Exchange Service [ vmickvpexchange ] Hyper-V Remote Desktop Virtualization Service [ vmicrdv ] Hyper-V Guest Shutdown Service [ vmicshutdown ] Hyper-V Time Synchronization Service [ vmictimesync ] Hyper-V Volume Shadow Copy Requestor [ vmicvss ] VMware Snapshot Provider [ vmvss ] Volume Shadow Copy [ VSS ] Windows Time [ W32Time ] Windows Color System [ WcsPlugInService ] Diagnostic Service Host [ WdiServiceHost ] Diagnostic System Host [ WdiSystemHost ] Windows Event Collector [ Wecsvc ] Windows Encryption Provider Host Service [ WEPHOSTSVC ] Problem Reports and Solutions 
Control Panel Support [ wercplsupport ] Windows Error Reporting Service [ WerSvc ] WMI Performance Adapter [ wmiApSrv ] Portable Device Enumerator Service [ WPDBusEnum ] Windows Store Service (WSService) [ WSService ] Windows Update [ wuauserv ] Windows Driver Foundation - User-mode Driver Framework [ wudfsvc ]

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/445
The following DCERPC services are available remotely :

10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
Synopsis
It was possible to obtain information about the remote operating system.
Description
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB1 to be enabled on the host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/10/17, Modification date: 2017/02/21
Ports
tcp/445
The remote Operating System is : Windows Server 2012 R2 Standard 9600
The remote native LAN manager is : Windows Server 2012 R2 Standard 6.3
The remote SMB Domain Name is : BLD01SEC

10859 - Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration
Synopsis
It is possible to obtain the host SID for the remote host.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier). The host SID can then be used to get the list of local users.
See Also
Solution
You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value. Refer to the 'See also' section for guidance.
Risk Factor
None
References
Plugin Information:
Publication date: 2002/02/13, Modification date: 2015/11/18
Ports
tcp/445
The remote host SID value is : 1-5-21-2659951044-3182031200-318033672
The value of 'RestrictAnonymous' setting is : 0

10860 - SMB Use Host SID to Enumerate Local Users
Synopsis
Nessus was able to enumerate local users.
Description
Using the host security identifier (SID), Nessus was able to enumerate local users on the remote Windows system.
Solution
n/a
Risk Factor
None
References
Plugin Information:
Publication date: 2002/02/13, Modification date: 2017/02/02
Ports
tcp/445
- Administrator (id 500, Administrator account)
- Guest (id 501, Guest account)

Note that, in addition to the Administrator and Guest accounts, Nessus has enumerated only those local users with IDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for this plugin, then re-run the scan.

10902 - Microsoft Windows 'Administrators' Group User List
Synopsis
There is at least one user in the 'Administrators' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/15, Modification date: 2016/08/24
Ports
tcp/445
The following users are members of the 'Administrators' group :
- BLDDE01\Administrator (User)
- BLD01SEC\Domain Admins (Group)

11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2002/06/05, Modification date: 2015/06/02
Ports
tcp/445
A CIFS server is running on this port.

11777 - Microsoft Windows SMB Share Hosting Possibly Copyrighted Material
Synopsis
The remote host may contain material (movies/audio) infringing copyright.
Description
This plugin displays a list of media files (such as .mp3, .ogg, .mpg, .avi) which have been found on the remote SMB shares. Some of these files may contain copyrighted materials, such as commercial movies or music files, that are being shared without the owner's permission. If any of these files actually contain copyrighted material, and if they are freely swapped around, your organization might be held liable for copyright infringement by associations such as the RIAA or the MPAA.
Solution
Delete the files infringing copyright.
Risk Factor
None
Plugin Information:
Publication date: 2003/06/26, Modification date: 2012/11/29
Ports
tcp/445
Here is a list of files which have been found on the remote SMB shares. Some of these files may contain copyrighted materials, such as commercial movies or music files. + C$ : \oradev6i\tools\doc60\us\r04.avi \oradev6i\tools\doc60\us\r03_.avi \oradev6i\tools\doc60\us\r03.avi \oradev6i\tools\doc60\us\r02_.avi \oradev6i\tools\doc60\us\r02.avi \oradev6i\tools\doc60\us\p06.avi \oradev6i\tools\doc60\us\p05_.avi \oradev6i\tools\doc60\us\p05.avi \oradev6i\tools\doc60\us\p04_.avi \oradev6i\tools\doc60\us\p04.avi \oradev6i\tools\doc60\us\g03_.avi \oradev6i\tools\doc60\us\g03.avi \oradev6i\tools\doc60\us\g02_.avi \oradev6i\tools\doc60\us\g02.avi \oradev6i\tools\doc60\us\g01_.avi \oradev6i\tools\doc60\us\g01.avi \oradev6i\tools\doc60\us\f02.avi \oradev6i\tools\doc60\us\f02_.avi \oradev6i\tools\doc60\us\f03_.avi \oradev6i\tools\doc60\us\f04_.avi \oradev6i\tools\doc60\us\f05_.avi \oradev6i\tools\doc60\us\p01.avi \oradev6i\tools\doc60\us\p01_.avi \oradev6i\tools\doc60\us\p02.avi \oradev6i\tools\doc60\us\p02_.avi \oradev6i\tools\doc60\us\p03.avi \oradev6i\tools\doc60\us\p03_.avi \oradev6i\tools\doc60\us\p06_.avi \oradev6i\tools\doc60\us\p07.avi \oradev6i\tools\doc60\us\p07_.avi \oradev6i\tools\doc60\us\r01.avi \oradev6i\tools\doc60\us\r01_.avi \oradev6i\tools\doc60\us\r04_.avi \oradev6i\tools\doc60\us\r06.avi \oradev6i\tools\doc60\us\r06_.avi \oradev6i\tools\doc60\us\r08.avi \oradev6i\tools\doc60\us\r08_.avi \program files (x86)\microsoft office\office16\media\defaulthold.wma

12028 - Microsoft Windows SMB : WindowsUpdate Disabled
Synopsis
Remote system is not configured for automatic updates.
Description
The remote host does not have Windows Update enabled. Enabling WindowsUpdate will ensure that the remote Windows host has all the latest Microsoft Patches installed.
See Also
Solution
Enable Windows Update on this host
Risk Factor
None
Plugin Information:
Publication date: 2004/01/22, Modification date: 2015/01/12
Ports
tcp/445
Nessus determined 'Automatic Updates' are disabled based on the following registry setting(s) :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\AUOptions : 1

17651 - Microsoft Windows SMB : Obtains the Password Policy
Synopsis
It is possible to retrieve the remote host's password policy using the supplied credentials.
Description
Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/03/30, Modification date: 2015/01/12
Ports
tcp/445
The following password policy is defined on the remote host:
Minimum password len: 7
Password history len: 24
Maximum password age (d): 42
Password must meet complexity requirements: Enabled
Minimum password age (d): 1
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 0

20811 - Microsoft Windows Installed Software Enumeration (credentialed check)
Synopsis
It is possible to enumerate installed software.
Description
This plugin lists software potentially installed on the remote host by crawling the registry entries in :
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKLM\SOFTWARE\Microsoft\Updates
Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Publication date: 2006/01/26, Modification date: 2013/07/25
Ports
tcp/445
The following software are installed on the remote host : Apache Tomcat 7.0 Tomcat7 (remove only) [version 7.0.65] Microsoft Office Professional Plus 2016 [version 16.0.4266.1001] VMware Tools [version 10.0.10.4301679] [installed on 2016/09/19] Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [version 10.0.40219] [installed on 2016/04/08] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [version 9.0.30729.4148] [installed on 2016/04/07] Java 8 Update 73 [version 8.0.730.2] [installed on 2016/04/11] Microsoft .NET Framework 4.6.1 SDK [version 4.6.01055] [installed on 2016/04/08] PCU400 6.4 [version 6.4.4] [installed on 2016/04/12] Oracle_Dev6i_Forms_Deployment [version 5.0.02.201205] [installed on 2016/04/08] Java Auto Updater [version 2.8.73.2] [installed on 2016/04/11] NMBase [version 9.0.123.201606] [installed on 2016/06/22] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2016/04/07] PictureGenerator [version 9.0.123.201606] [installed on 2016/06/22] Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 [version 14.0.23026.0] Microsoft .NET Framework 4.6.1 Targeting Pack [version 4.6.01055] [installed on 2016/04/08] Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) [version 4.6.01055] [installed on 2016/04/08] Microsoft Access MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft Excel MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft PowerPoint MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft Publisher MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft Outlook MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft Word MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft Office Proofing Tools 2016 - English [version 16.0.4266.1001] [installed on 2016/04/11] Outils de v.rification linguistique 2016 de Microsoft 
Office.- Fran.ais [version 16.0.4266.1001] [installed on 2016/04/11] Herramientas de correcci.n de Microsoft Office 2016: espa.ol [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft Office 64-bit Components 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft Office Shared 64-bit MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft Office Proofing (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft InfoPath MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft Office Shared MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft DCF MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft OneNote MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft Groove MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft Office OSM MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft Office OSM UX MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft Office Shared Setup Metadata MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft Access Setup Metadata MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] Microsoft Skype for Business MUI (English) 2016 [version 16.0.4266.1001] [installed on 2016/04/11] WS500 [version 9.0.123.201606] [installed on 2016/06/22] DE400 [version 9.0.123.201606] [installed on 2016/06/22] Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026 [version 14.0.23026] [installed on 2016/04/08] NMAutoBuild [version 9.0.122.201606] [installed on 2016/06/20] Adobe Acrobat Reader DC [version 15.020.20039] [installed on 2016/11/10] Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026 [version 14.0.23026] [installed on 2016/04/08] WS500 LangPack 
(sv-SE) [version 9.0.123.201606] [installed on 2016/06/22] MIT Kerberos for Windows (32-bit) 3.2.2 [version 3.2.2] [installed on 2016/04/08] WinSCP [version 5.7.7] [installed on 2016/06/22] GED400 [version 9.0.123.201606] [installed on 2016/06/22] Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [version 10.0.40219] [installed on 2016/04/08] PuTTY [version 0.67] [installed on 2016/06/20] Microsoft .NET Framework 4.6.1 Developer Pack [version 4.6.1055] The following updates are installed : Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 : KB2151757 [version 1] [installed on 4/8/2016] KB2467173 [version 1] [installed on 4/8/2016] KB982573 [version 1] [installed on 4/8/2016] Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 : KB2151757 [version 1] [installed on 4/8/2016] KB2467173 [version 1] [installed on 4/8/2016] KB982573 [version 1] [installed on 4/8/2016]

20836 - Adobe Reader Detection
Synopsis
There is a PDF file viewer installed on the remote Windows host.
Description
Adobe Reader, a PDF file viewer, is installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2006/02/02, Modification date: 2016/03/10
Ports
tcp/445
Nessus discovered the following installation of Adobe Reader :
Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader
Version : 15.20.20039.203716

23974 - Microsoft Windows SMB Share Hosting Office Files
Synopsis
The remote share contains Office-related files.
Description
This plugin connects to the remotely accessible SMB shares and attempts to find office related files (such as .doc, .ppt, .xls, .pdf etc).
Solution
Make sure that the files containing confidential information have proper access controls set on them.
Risk Factor
None
Plugin Information:
Publication date: 2007/01/04, Modification date: 2011/03/21
Ports
tcp/445
Here is a list of office files which have been found on the remote SMB shares : + C$ : - \windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.17415_none_7ce9fc3baea493ac\msoirmprotector.doc - \windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.16483_none_7c9c62fbaedf0af4\msoirmprotector.doc - \windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.16384_none_7c9d615faede2724\msoirmprotector.doc - \spide\upg\upgrade_to_6_1.doc - \spide\upg\upgrade_to_5_5.doc - \spide\upg\upgrade_to_5_3_sr2.doc - \spide\upg\upgrade_to_5_2_4.doc - \spide\upg\upgrade_to_5_2.doc - \spide\upg\upgrade_to_3_7.doc - \spide\upg\upgrade_to_3_5.doc - \spide\upg\upgrade_to_3_4.doc - \spide\upg\upgrade_to_3_2.doc - \spide\upg\upgrade_to_12_0.doc - \spide\upg\upgrade_to_11_1.doc - \pcu400\drivers\ssh\putty config.doc - \pcu400\drivers\rcm\rcm1\rcm_fpga_3.0.3+rcmtools_0.22.doc - \oradev6i\plus80\readme.doc - \oradev6i\plus80\help\readme.doc - \oracle\product\12.1.0\dbhome_1\relnotes\readmes\readme_locator.doc - \pcu400\templates\protocol templates\simulated rp570 multidrop gateway\configuration.doc - \program files (x86)\abb\ws500\bin\wah606.doc - \program files (x86)\microsoft office\office16\1033\prottpln.doc - \program files (x86)\microsoft office\office16\1033\prottplv.doc - \spide\upg\upgrade_to_10_3.doc - \spide\upg\upgrade_to_10_5.doc - \spide\upg\upgrade_to_3_8.doc - \spide\upg\upgrade_to_4_0.doc - \spide\upg\upgrade_to_4_2_4.doc - \spide\upg\upgrade_to_5_0.doc - \spide\upg\upgrade_to_5_1.doc - \windows\system32\msdrm\msoirmprotector.doc - \windows\syswow64\msdrm\msoirmprotector.doc - \windows\winsxs\amd64_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.16384_none_d8bbfce3673b985a\msoirmprotector.doc - \windows\winsxs\amd64_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.16483_none_d8bafe7f673c7c2a\msoirmprotector.doc - 
\windows\winsxs\amd64_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.17415_none_d90897bf670204e2\msoirmprotector.doc - \windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.17415_none_7ce9fc3baea493ac\msoirmprotector.ppt - \windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.16483_none_7c9c62fbaedf0af4\msoirmprotector.ppt - \windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.16384_none_7c9d615faede2724\msoirmprotector.ppt - \windows\winsxs\amd64_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.17415_none_d90897bf670204e2\msoirmprotector.ppt - \windows\winsxs\amd64_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.16483_none_d8bafe7f673c7c2a\msoirmprotector.ppt - \program files (x86)\microsoft office\office16\1033\prottpln.ppt - \program files (x86)\microsoft office\office16\1033\prottplv.ppt - \windows\system32\msdrm\msoirmprotector.ppt - \windows\syswow64\msdrm\msoirmprotector.ppt - \windows\winsxs\amd64_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.16384_none_d8bbfce3673b985a\msoirmprotector.ppt - \windows\winsxs\amd64_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.16384_none_d8bbfce3673b985a\msoirmprotector.xls - \windows\syswow64\msdrm\msoirmprotector.xls - \windows\system32\msdrm\msoirmprotector.xls - \users\administrator\appdata\roaming\abb\prodplan\prodplan.xls - \users\administrator.bld01sec\appdata\roaming\abb\sis\sisconfig.xls - \program files (x86)\microsoft office\office16\1033\prottpln.xls - \program files (x86)\abb\ws500\bin\sisconfig.xls - \program files (x86)\abb\ws500\bin\prodplan.xls - \program files (x86)\abb\ws500\bin\its_hmi.xls - \program files (x86)\abb\ws500\bin\hydroplan.xls - \pcu400\templates\protocol templates\simulated rp570 multidrop gateway\pcu400-de signal list pcv.xls - \oracle\product\12.1.0\dbhome_1\apex\images\tasks.xls - \pcu400\excel 
de\pcu400-de signal list.xls - \pcu400\excel de\pcu400-de system list.xls - \pcu400\excel de\pcu400-de.xls - \pcu400\excel de\saco module template pcu400-de signal list.xls - \program files (x86)\microsoft office\office16\1033\prottplv.xls - \program files (x86)\microsoft office\office16\samples\solvsamp.xls - \users\administrator.bld01sec\appdata\roaming\abb\hydroplan\amherst bg-hydroplan.xls - \users\administrator.bld01sec\appdata\roaming\abb\hydroplan\hydroplan.xls - \users\administrator.bld01sec\appdata\roaming\abb\its\its_hmi.xls - \users\administrator.bld01sec\appdata\roaming\abb\prodplan\prodplan.xls - \windows\winsxs\amd64_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.16483_none_d8bafe7f673c7c2a\msoirmprotector.xls - \windows\winsxs\amd64_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.17415_none_d90897bf670204e2\msoirmprotector.xls - \windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.16384_none_7c9d615faede2724\msoirmprotector.xls - \windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.16483_none_7c9c62fbaedf0af4\msoirmprotector.xls - \windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.3.9600.17415_none_7ce9fc3baea493ac\msoirmprotector.xls

33545 - Oracle Java Runtime Environment (JRE) Detection
Synopsis
There is a Java runtime environment installed on the remote Windows host.
Description
One or more instances of Oracle's (formerly Sun's) Java Runtime Environment (JRE) is installed on the remote host. This may include private JREs bundled with the Java Development Kit (JDK).
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/07/18, Modification date: 2016/03/21
Ports
tcp/445
The following instance of Oracle's JRE is installed on the remote host :
Path : C:\Program Files (x86)\Java\jre1.8.0_73
Version : 1.8.0_73

34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/445
Port 445/tcp was found to be open

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/445
The Win32 process 'System' is listening on this port (pid 4).

35730 - Microsoft Windows USB Device Usage Report
Synopsis
It was possible to get a list of USB devices that may have been connected to the remote system in the past.
Description
Using the supplied credentials, this plugin enumerates USB devices that have been connected to the remote Windows host in the past.
See Also
Solution
Make sure that the use of USB drives is in accordance with your organization's security policy.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/24, Modification date: 2016/05/11
Ports
tcp/445
The following is a list of USB devices that have been connected to remote system at least once in the past :
Device Name : CBM USB2.0 USB Device
Last Inserted Time : Mar. 28, 2017 at 09:12:13 GMT
First used : unknown

(Note that for a complete listing of 'First used' times you should run this test with the option 'thorough_tests' enabled.)

38689 - Microsoft Windows SMB Last Logged On User Disclosure
Synopsis
Nessus was able to identify the last logged on user on the remote host.
Description
By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/05/05, Modification date: 2017/01/26
Ports
tcp/445
Last Successful logon : Administrator

44401 - Microsoft Windows SMB Service Config Enumeration
Synopsis
It was possible to enumerate configuration parameters of remote services.
Description
Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc).
Solution
Ensure that each service is configured properly.
Risk Factor
None
Plugin Information:
Publication date: 2010/02/05, Modification date: 2016/10/20
Ports
tcp/445
The following services are set to start automatically : ABB NM OPC Wrapper startup parameters : Display name : ABB OPC Server Wrapper Service name : ABB NM OPC Wrapper Log on as : LocalSystem Executable path : "C:\Program Files (x86)\ABB\NMBase\bin\ABB.NM.OPCServerWrapper.exe" AdobeARMservice startup parameters : Display name : Adobe Acrobat Update Service Service name : AdobeARMservice Log on as : LocalSystem Executable path : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" Audiosrv startup parameters : Display name : Windows Audio Service name : Audiosrv Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted Dependencies : AudioEndpointBuilder/RpcSs/MMCSS/ BFE startup parameters : Display name : Base Filtering Engine Service name : BFE Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork Dependencies : RpcSs/WfpLwfs/ BITS startup parameters : Display name : Background Intelligent Transfer Service Service name : BITS Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : RpcSs/EventSystem/ CryptSvc startup parameters : Display name : Cryptographic Services Service name : CryptSvc Log on as : NT Authority\NetworkService Executable path : C:\Windows\system32\svchost.exe -k NetworkService Dependencies : RpcSs/ Dhcp startup parameters : Display name : DHCP Client Service name : Dhcp Log on as : NT Authority\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted Dependencies : NSI/Tdx/Afd/ Dnscache startup parameters : Display name : DNS Client Service name : Dnscache Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\system32\svchost.exe -k NetworkService Dependencies : Tdx/nsi/ EventLog startup parameters : Display name : Windows Event Log Service name : EventLog Log on as : NT AUTHORITY\LocalService Executable path : 
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted EventSystem startup parameters : Display name : COM+ Event System Service name : EventSystem Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService Dependencies : rpcss/ FontCache startup parameters : Display name : Windows Font Cache Service Service name : FontCache Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService IKEEXT startup parameters : Display name : IKE and AuthIP IPsec Keying Modules Service name : IKEEXT Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs Dependencies : BFE/ LanmanServer startup parameters : Display name : Server Service name : LanmanServer Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs Dependencies : SamSS/Srv2/ LanmanWorkstation startup parameters : Display name : Workstation Service name : LanmanWorkstation Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\System32\svchost.exe -k NetworkService Dependencies : Bowser/MRxSmb20/NSI/ MpsSvc startup parameters : Display name : Windows Firewall Service name : MpsSvc Log on as : NT Authority\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork Dependencies : mpsdrv/bfe/ NTP startup parameters : Display name : Network Time Protocol Service name : NTP Log on as : BLD01SEC\pcu400$ Executable path : c:\Pcu400\Run\ntpd.exe Netlogon startup parameters : Display name : Netlogon Service name : Netlogon Log on as : LocalSystem Executable path : C:\Windows\system32\lsass.exe Dependencies : LanmanWorkstation/ NlaSvc startup parameters : Display name : Network Location Awareness Service name : NlaSvc Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\System32\svchost.exe -k NetworkService Dependencies : NSI/RpcSs/TcpIp/Dhcp/Eventlog/ NmxAppLogService startup parameters : Display name : ABB NM 
Application Logger Service name : NmxAppLogService Log on as : LocalSystem Executable path : C:\Program Files (x86)\ABB\NMBase\bin\NmxAppLogService.exe Dependencies : RPCSS/ OracleOraDB12Home1TNSListenerlist_MDB startup parameters : Display name : OracleOraDB12Home1TNSListenerlist_MDB Service name : OracleOraDB12Home1TNSListenerlist_MDB Log on as : bld01sec\de400$ Executable path : C:\oracle\product\12.1.0\dbhome_1\BIN\TNSLSNR OracleServiceMDB startup parameters : Display name : OracleServiceMDB Service name : OracleServiceMDB Log on as : bld01sec\de400$ Executable path : c:\oracle\product\12.1.0\dbhome_1\bin\ORACLE.EXE MDB OracleVssWriterMDB startup parameters : Display name : OracleVssWriterMDB Service name : OracleVssWriterMDB Log on as : bld01sec\de400$ Executable path : c:\oracle\product\12.1.0\dbhome_1\bin\OraVSSW.exe MDB PCU400InfoMonitoring startup parameters : Display name : ABB PCU400 Monitoring Service name : PCU400InfoMonitoring Log on as : LocalSystem Executable path : C:\Pcu400\Run\PCUMonSrv.exe Dependencies : RPCSS/ Power startup parameters : Display name : Power Service name : Power Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch ProfSvc startup parameters : Display name : User Profile Service Service name : ProfSvc Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs Dependencies : RpcSs/ RemoteRegistry startup parameters : Display name : Remote Registry Service name : RemoteRegistry Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k localService Dependencies : RPCSS/ SENS startup parameters : Display name : System Event Notification Service Service name : SENS Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs Dependencies : EventSystem/ SamSs startup parameters : Display name : Security Accounts Manager Service name : SamSs Log on as : LocalSystem Executable path : C:\Windows\system32\lsass.exe 
Dependencies : RPCSS/ ShellHWDetection startup parameters : Display name : Shell Hardware Detection Service name : ShellHWDetection Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : RpcSs/ Spooler startup parameters : Display name : Print Spooler Service name : Spooler Log on as : LocalSystem Executable path : C:\Windows\System32\spoolsv.exe Dependencies : RPCSS/http/ Themes startup parameters : Display name : Themes Service name : Themes Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Tomcat7 startup parameters : Display name : Apache Tomcat 7.0 Tomcat7 Service name : Tomcat7 Log on as : LocalSystem Executable path : "C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe" //RS//Tomcat7 Dependencies : Tcpip/Afd/ TrkWks startup parameters : Display name : Distributed Link Tracking Client Service name : TrkWks Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : RpcSs/ UALSVC startup parameters : Display name : User Access Logging Service Service name : UALSVC Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : WinMgmt/ VGAuthService startup parameters : Display name : VMware Alias Manager and Ticket Service Service name : VGAuthService Log on as : LocalSystem Executable path : "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe" VMTools startup parameters : Display name : VMware Tools Service name : VMTools Log on as : LocalSystem Executable path : "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" VMware Physical Disk Helper Service startup parameters : Display name : VMware Physical Disk Helper Service Service name : VMware Physical Disk Helper Service Log on as : LocalSystem Executable path : "C:\Program Files\VMware\VMware Tools\vmacthlp.exe" Wcmsvc startup parameters : Display name : Windows 
Connection Manager Service name : Wcmsvc Log on as : NT Authority\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted Dependencies : RpcSs/ WinRM startup parameters : Display name : Windows Remote Management (WS-Management) Service name : WinRM Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\System32\svchost.exe -k NetworkService Dependencies : RPCSS/HTTP/ Winmgmt startup parameters : Display name : Windows Management Instrumentation Service name : Winmgmt Log on as : localSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs Dependencies : RPCSS/ iphlpsvc startup parameters : Display name : IP Helper Service name : iphlpsvc Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k NetSvcs Dependencies : RpcSS/Tdx/winmgmt/tcpip/nsi/WinHttpAutoProxySvc/ lmhosts startup parameters : Display name : TCP/IP NetBIOS Helper Service name : lmhosts Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted Dependencies : NetBT/Afd/ nsi startup parameters : Display name : Network Store Interface Service Service name : nsi Log on as : NT Authority\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService Dependencies : rpcss/nsiproxy/ The following services must be started manually : ALG startup parameters : Display name : Application Layer Gateway Service Service name : ALG Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\System32\alg.exe AeLookupSvc startup parameters : Display name : Application Experience Service name : AeLookupSvc Log on as : localSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs AppIDSvc startup parameters : Display name : Application Identity Service name : AppIDSvc Log on as : NT Authority\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted Dependencies : RpcSs/AppID/CryptSvc/ AppMgmt startup 
parameters : Display name : Application Management Service name : AppMgmt Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs AppReadiness startup parameters : Display name : App Readiness Service name : AppReadiness Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k AppReadiness AppXSvc startup parameters : Display name : AppX Deployment Service (AppXSVC) Service name : AppXSvc Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k wsappx Dependencies : rpcss/ Appinfo startup parameters : Display name : Application Information Service name : Appinfo Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs Dependencies : RpcSs/ProfSvc/ AudioEndpointBuilder startup parameters : Display name : Windows Audio Endpoint Builder Service name : AudioEndpointBuilder Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted COMSysApp startup parameters : Display name : COM+ System Application Service name : COMSysApp Log on as : LocalSystem Executable path : C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} Dependencies : RpcSs/EventSystem/SENS/ DeviceAssociationService startup parameters : Display name : Device Association Service Service name : DeviceAssociationService Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted DeviceInstall startup parameters : Display name : Device Install Service Service name : DeviceInstall Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch DsmSvc startup parameters : Display name : Device Setup Manager Service name : DsmSvc Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs Dependencies : RpcSs/HTTP/ Eaphost startup parameters : Display name : Extensible Authentication Protocol Service name : Eaphost Log on as : localSystem Executable 
path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : RPCSS/KeyIso/ FDResPub startup parameters : Display name : Function Discovery Resource Publication Service name : FDResPub Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation Dependencies : RpcSs/http/ FontCache3.0.0.0 startup parameters : Display name : Windows Presentation Foundation Font Cache 3.0.0.0 Service name : FontCache3.0.0.0 Log on as : NT Authority\LocalService Executable path : C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe IEEtwCollectorService startup parameters : Display name : Internet Explorer ETW Collector Service Service name : IEEtwCollectorService Log on as : LocalSystem Executable path : C:\Windows\system32\IEEtwCollector.exe /V KPSSVC startup parameters : Display name : KDC Proxy Server service (KPS) Service name : KPSSVC Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\system32\svchost.exe -k KpsSvcGroup Dependencies : rpcss/http/ KeyIso startup parameters : Display name : CNG Key Isolation Service name : KeyIso Log on as : LocalSystem Executable path : C:\Windows\system32\lsass.exe Dependencies : RpcSs/ KtmRm startup parameters : Display name : KtmRm for Distributed Transaction Coordinator Service name : KtmRm Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation Dependencies : RPCSS/SamSS/ MMCSS startup parameters : Display name : Multimedia Class Scheduler Service name : MMCSS Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs MSiSCSI startup parameters : Display name : Microsoft iSCSI Initiator Service Service name : MSiSCSI Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs NcaSvc startup parameters : Display name : Network Connectivity Assistant Service name : NcaSvc Log on as : LocalSystem Executable path : 
C:\Windows\System32\svchost.exe -k NetSvcs Dependencies : BFE/dnscache/NSI/iphlpsvc/ Netman startup parameters : Display name : Network Connections Service name : Netman Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : RpcSs/nsi/ OracleRemExecServiceV2 startup parameters : Display name : OracleRemExecServiceV2 Service name : OracleRemExecServiceV2 Log on as : LocalSystem Executable path : C:\Users\ADMINI~1.BLD\AppData\Local\Temp\2\\oraremservicev2\RemoteExecService.exe PCU400 startup parameters : Display name : ABB PCU400 Process Communication Unit Service name : PCU400 Log on as : LocalSystem Executable path : C:\Pcu400\Run\Pcu400Service.exe Dependencies : RPCSS/ PerfHost startup parameters : Display name : Performance Counter DLL Host Service name : PerfHost Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\SysWow64\perfhost.exe Dependencies : RPCSS/ PlugPlay startup parameters : Display name : Plug and Play Service name : PlugPlay Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch PolicyAgent startup parameters : Display name : IPsec Policy Agent Service name : PolicyAgent Log on as : NT Authority\NetworkService Executable path : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted Dependencies : Tcpip/bfe/ PrintNotify startup parameters : Display name : Printer Extensions and Notifications Service name : PrintNotify Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k print Dependencies : RpcSs/ RSoPProv startup parameters : Display name : Resultant Set of Policy Provider Service name : RSoPProv Log on as : LocalSystem Executable path : C:\Windows\system32\RSoPProv.exe Dependencies : RPCSS/ RasAuto startup parameters : Display name : Remote Access Auto Connection Manager Service name : RasAuto Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : RasAcd/ 
RasMan startup parameters : Display name : Remote Access Connection Manager Service name : RasMan Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : SstpSvc/ RpcLocator startup parameters : Display name : Remote Procedure Call (RPC) Locator Service name : RpcLocator Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\system32\locator.exe SNMPTRAP startup parameters : Display name : SNMP Trap Service name : SNMPTRAP Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\System32\snmptrap.exe SessionEnv startup parameters : Display name : Remote Desktop Configuration Service name : SessionEnv Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : RPCSS/LanmanWorkstation/ SstpSvc startup parameters : Display name : Secure Socket Tunneling Protocol Service Service name : SstpSvc Log on as : NT Authority\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService SysMain startup parameters : Display name : Superfetch Service name : SysMain Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : rpcss/ THREADORDER startup parameters : Display name : Thread Ordering Server Service name : THREADORDER Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService TPAutoConnSvc startup parameters : Display name : TP AutoConnect Service Service name : TPAutoConnSvc Log on as : LocalSystem Executable path : "C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe" TPVCGateway startup parameters : Display name : TP VC Gateway Service Service name : TPVCGateway Log on as : LocalSystem Executable path : "C:\Program Files\VMware\VMware Tools\TPVCGateway.exe" TapiSrv startup parameters : Display name : Telephony Service name : TapiSrv Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\System32\svchost.exe -k tapisrv 
Dependencies : RpcSs/ TermService startup parameters : Display name : Remote Desktop Services Service name : TermService Log on as : NT Authority\NetworkService Executable path : C:\Windows\System32\svchost.exe -k termsvcs Dependencies : RPCSS/ TieringEngineService startup parameters : Display name : Storage Tiers Management Service name : TieringEngineService Log on as : localSystem Executable path : C:\Windows\system32\TieringEngineService.exe UI0Detect startup parameters : Display name : Interactive Services Detection Service name : UI0Detect Log on as : LocalSystem Executable path : C:\Windows\system32\UI0Detect.exe UmRdpService startup parameters : Display name : Remote Desktop Services UserMode Port Redirector Service name : UmRdpService Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : TermService/RDPDR/ VSS startup parameters : Display name : Volume Shadow Copy Service name : VSS Log on as : LocalSystem Executable path : C:\Windows\system32\vssvc.exe Dependencies : RPCSS/ VaultSvc startup parameters : Display name : Credential Manager Service name : VaultSvc Log on as : LocalSystem Executable path : C:\Windows\system32\lsass.exe Dependencies : rpcss/ WEPHOSTSVC startup parameters : Display name : Windows Encryption Provider Host Service Service name : WEPHOSTSVC Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k WepHostSvcGroup Dependencies : rpcss/ WPDBusEnum startup parameters : Display name : Portable Device Enumerator Service Service name : WPDBusEnum Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : RpcSs/ WcsPlugInService startup parameters : Display name : Windows Color System Service name : WcsPlugInService Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k wcssvc Dependencies : RpcSs/ Wecsvc startup parameters : Display name : 
Windows Event Collector Service name : Wecsvc Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\system32\svchost.exe -k NetworkService Dependencies : HTTP/Eventlog/ WerSvc startup parameters : Display name : Windows Error Reporting Service Service name : WerSvc Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k WerSvcGroup WinHttpAutoProxySvc startup parameters : Display name : WinHTTP Web Proxy Auto-Discovery Service Service name : WinHttpAutoProxySvc Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService Dependencies : Dhcp/ defragsvc startup parameters : Display name : Optimize drives Service name : defragsvc Log on as : localSystem Executable path : C:\Windows\system32\svchost.exe -k defragsvc Dependencies : RPCSS/ dot3svc startup parameters : Display name : Wired AutoConfig Service name : dot3svc Log on as : localSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : RpcSs/Ndisuio/Eaphost/ fdPHost startup parameters : Display name : Function Discovery Provider Host Service name : fdPHost Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService Dependencies : RpcSs/http/ hidserv startup parameters : Display name : Human Interface Device Service Service name : hidserv Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted hkmsvc startup parameters : Display name : Health Key and Certificate Management Service name : hkmsvc Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : RpcSs/ lltdsvc startup parameters : Display name : Link-Layer Topology Discovery Mapper Service name : lltdsvc Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\System32\svchost.exe -k LocalService Dependencies : rpcss/lltdio/ msiserver startup parameters : Display name : Windows Installer 
Service name : msiserver Log on as : LocalSystem Executable path : C:\Windows\system32\msiexec.exe /V Dependencies : rpcss/ napagent startup parameters : Display name : Network Access Protection Agent Service name : napagent Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\System32\svchost.exe -k NetworkService Dependencies : RpcSs/ netprofm startup parameters : Display name : Network List Service Service name : netprofm Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\System32\svchost.exe -k LocalService Dependencies : RpcSs/nlasvc/ ose startup parameters : Display name : Office Source Engine Service name : ose Log on as : LocalSystem Executable path : "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" pla startup parameters : Display name : Performance Logs & Alerts Service name : pla Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork Dependencies : RPCSS/ sacsvr startup parameters : Display name : Special Administration Console Helper Service name : sacsvr Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs seclogon startup parameters : Display name : Secondary Logon Service name : seclogon Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs smphost startup parameters : Display name : Microsoft Storage Spaces SMP Service name : smphost Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\System32\svchost.exe -k smphost Dependencies : RPCSS/ svsvc startup parameters : Display name : Spot Verifier Service name : svsvc Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted swprv startup parameters : Display name : Microsoft Software Shadow Copy Provider Service name : swprv Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k swprv Dependencies : RPCSS/ vds startup parameters : Display 
name : Virtual Disk Service name : vds Log on as : LocalSystem Executable path : C:\Windows\System32\vds.exe Dependencies : RpcSs/ vmicguestinterface startup parameters : Display name : Hyper-V Guest Service Interface Service name : vmicguestinterface Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted vmicheartbeat startup parameters : Display name : Hyper-V Heartbeat Service Service name : vmicheartbeat Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k ICService vmickvpexchange startup parameters : Display name : Hyper-V Data Exchange Service Service name : vmickvpexchange Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted vmicrdv startup parameters : Display name : Hyper-V Remote Desktop Virtualization Service Service name : vmicrdv Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k ICService vmicshutdown startup parameters : Display name : Hyper-V Guest Shutdown Service Service name : vmicshutdown Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted vmictimesync startup parameters : Display name : Hyper-V Time Synchronization Service Service name : vmictimesync Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted vmicvss startup parameters : Display name : Hyper-V Volume Shadow Copy Requestor Service name : vmicvss Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted vmvss startup parameters : Display name : VMware Snapshot Provider Service name : vmvss Log on as : LocalSystem Executable path : C:\Windows\system32\dllhost.exe /Processid:{01B5ABD2-943C-40E8-BC8D-1064AE72852E} Dependencies : rpcss/ wercplsupport startup parameters : Display name : Problem Reports and Solutions Control Panel Support Service name : wercplsupport Log on 
as : localSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs wmiApSrv startup parameters : Display name : WMI Performance Adapter Service name : wmiApSrv Log on as : localSystem Executable path : C:\Windows\system32\wbem\WmiApSrv.exe wuauserv startup parameters : Display name : Windows Update Service name : wuauserv Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs Dependencies : rpcss/ wudfsvc startup parameters : Display name : Windows Driver Foundation - User-mode Driver Framework Service name : wudfsvc Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : WudfPf/ The following services are disabled : Browser startup parameters : Display name : Computer Browser Service name : Browser Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : LanmanWorkstation/LanmanServer/ NetTcpPortSharing startup parameters : Display name : Net.Tcp Port Sharing Service Service name : NetTcpPortSharing Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe OracleJobSchedulerMDB startup parameters : Display name : OracleJobSchedulerMDB Service name : OracleJobSchedulerMDB Log on as : bld01sec\de400$ Executable path : c:\oracle\product\12.1.0\dbhome_1\Bin\extjob.exe MDB RemoteAccess startup parameters : Display name : Routing and Remote Access Service name : RemoteAccess Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/ SSDPSRV startup parameters : Display name : SSDP Discovery Service name : SSDPSRV Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation Dependencies : HTTP/ SharedAccess startup parameters : Display name : Internet Connection Sharing (ICS) Service name : SharedAccess Log on as : LocalSystem 
Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : Netman/WinMgmt/BFE/ W32Time startup parameters : Display name : Windows Time Service name : W32Time Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService upnphost startup parameters : Display name : UPnP Device Host Service name : upnphost Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation Dependencies : SSDPSRV/HTTP/
48942 - Microsoft Windows SMB Registry : OS Version and Processor Architecture
Synopsis
It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system.
Description
Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/08/31, Modification date: 2016/11/16
Ports
tcp/445
Operating system version = 6.3.9600
Architecture = x64
Build lab extended = 9600.18202.amd64fre.winblue_ltsb.160119-0600
51351 - Microsoft .NET Framework Detection
Synopsis
A software framework is installed on the remote host.
Description
Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/12/20, Modification date: 2016/10/14
Ports
tcp/445
The remote host has following version(s) of Microsoft .NET Framework installed :
+ Version : 2.0.50727
  - Full Version : 2.0.50727.4927
  - SP : 2
+ Version : 3.0
  - Full Version : 3.0.30729.4926
  - SP : 2
+ Version : 3.5
  - Full Version : 3.5.30729.4926
  - SP : 1
  - Path : C:\Windows\Microsoft.NET\Framework64\v3.5\
+ Version : 4.6.1
  - Install Type : Full
  - Full Version : 4.6.01055
  - Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
+ Version : 4.6.1
  - Install Type : Client
  - Full Version : 4.6.01055
  - Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
57033 - Microsoft Patch Bulletin Feasibility Check
Synopsis
Nessus is able to check for Microsoft patch bulletins.
Description
Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates. Note that this plugin is purely informational.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/12/06, Modification date: 2016/02/12
Ports
tcp/445
Nessus is able to test for missing patches using : Nessus
58181 - Windows DNS Server Enumeration
Synopsis
Nessus enumerated the DNS servers being used by the remote Windows host.
Description
Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2012/03/01, Modification date: 2015/03/17
Ports
tcp/445
Nessus enumerated DNS servers for the following interfaces :
Interface: {5EA1DCB5-726A-4D76-B467-5F3EF5FA7A86}
Network Connection : Ethernet
NameServer: 192.168.109.21
58452 - Microsoft Windows Startup Software Enumeration
Synopsis
It is possible to enumerate startup software.
Description
This plugin lists software that is configured to run on system startup by crawling the registry entries in :
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Solution
Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Publication date: 2012/03/23, Modification date: 2015/01/12
Ports
tcp/445
The following startup item was found :
QLogicSaveSystemInfo - rundll32.exe qlco10011.dll,QLSaveSystemInfo
SunJavaUpdateSched - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
VMware User Process - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
60119 - Microsoft Windows SMB Share Permissions Enumeration
Synopsis
It was possible to enumerate the permissions of remote network shares.
Description
By using the supplied credentials, Nessus was able to enumerate the permissions of network shares. User permissions are enumerated for each network share that has a list of access control entries (ACEs).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2012/07/25, Modification date: 2017/02/27
Ports
tcp/445
Share path : \\BLDDE01\nm_files
Local path : C:\nm_files
[*] Allow ACE for BUILTIN\Administrators: 0x001f01ff
    FILE_ALL_ACCESS: YES
    FILE_ALL_ACCESS: YES
    FILE_ALL_ACCESS: YES
[*] Allow ACE for Everyone: 0x001f01ff
    FILE_ALL_ACCESS: YES
    FILE_ALL_ACCESS: YES
    FILE_ALL_ACCESS: YES
63080 - Microsoft Windows Mounted Devices
Synopsis
It is possible to get a list of mounted devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past.
Solution
Make sure that the mounted drives agree with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Publication date: 2012/11/28, Modification date: 2012/11/28
Ports
tcp/445
Name : \??\volume{e32ff7e0-fd40-11e5-80bf-806e6f6e6963}
Data : l$
Raw data : 809c6c240000100000000000
Name : \??\volume{e32ff7e5-fd40-11e5-80bf-806e6f6e6963}
Data : \??\IDE#CdRomNECVMWar_VMware_IDE_CDR00_______________1.00____#5&4e95d23&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Name : \??\volume{e32ff7e6-fd40-11e5-80bf-806e6f6e6963}
Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&2a770f87&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Name : \??\volume{e32ff7e1-fd40-11e5-80bf-806e6f6e6963}
Data : l$P
Raw data : 809c6c240000501000000000
Name : \dosdevices\e:
Data : \??\IDE#CdRomNECVMWar_VMware_IDE_CDR00_______________1.00____#5&4e95d23&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Name : \??\volume{fa89675a-ef5c-11e6-8100-000c29b6231d}
Data : _??_USBSTOR#Disk&Ven_CBM&Prod_USB2.0&Rev_5.00#211618009C259212&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Name : \dosdevices\f:
Data : _??_USBSTOR#Disk&Ven_CBM&Prod_USB2.0&Rev_5.00#211618009C259212&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Name : \dosdevices\a:
Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&2a770f87&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Name : \dosdevices\c:
Data : l$P
Raw data : 809c6c240000501000000000
Name : \dosdevices\d:
Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&2fa3fb6e&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Name : \??\volume{9aa32539-9ccc-11e6-80f7-806e6f6e6963}
Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&2fa3fb6e&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
63620 - Windows Product Key Retrieval
Synopsis
This plugin retrieves the Windows Product key of the remote Windows host.
Description
Using the supplied credentials, Nessus was able to retrieve the Windows host's partial product key.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/01/18, Modification date: 2013/01/18
Ports
tcp/445
Product key : XXXXX-XXXXX-XXXXX-XXXXX-MDVJX Note that all but the final portion of the key has been obfuscated.
65739 - Oracle Java JRE Universally Enabled
Synopsis
Oracle Java JRE has not been universally disabled on the remote host.
Description
Oracle Java JRE has not been universally disabled on the remote host via the Java control panel. Note that while Java can be individually disabled for each browser, universally disabling Java prevents it from running for all users and browsers.
Solution
Disable Java universally unless it is needed.
Risk Factor
None
Plugin Information:
Publication date: 2013/03/29, Modification date: 2013/05/06
Ports
tcp/445
65743 - Oracle Java JRE Enabled (Internet Explorer)
Synopsis
The remote host has Oracle Java JRE enabled for Internet Explorer.
Description
Oracle Java JRE is enabled in Internet Explorer.
Solution
Apply Microsoft 'Fix it' 50994 unless Java is needed.
Risk Factor
None
Plugin Information:
Publication date: 2013/03/29, Modification date: 2016/06/13
Ports
tcp/445
Java is enabled for the following ActiveX controls and SIDs : ActiveX CLSIDs : {8AD9C840-044E-11D1-B3E9-00805F499D93} {CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA} {CAFEEFAC-0017-0001-FFFF-ABCDEFFEDCBA} {CAFEEFAC-0017-0002-FFFF-ABCDEFFEDCBA} {CAFEEFAC-0017-0003-FFFF-ABCDEFFEDCBA} {CAFEEFAC-0017-0004-FFFF-ABCDEFFEDCBA} {CAFEEFAC-0017-0005-FFFF-ABCDEFFEDCBA} {CAFEEFAC-0017-0006-FFFF-ABCDEFFEDCBA} {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} User SIDs : S-1-5-21-2659951044-3182031200-318033672-500 S-1-5-21-2770019732-1922860174-1796585773-1105 S-1-5-21-2770019732-1922860174-1796585773-1142 Note that this check may be incomplete as Nessus can only check the SIDs of logged on users.
66424 - Microsoft Malicious Software Removal Tool Installed
Synopsis
An antimalware application is installed on the remote Windows host.
Description
The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that attempts to detect and remove known malware from Windows systems.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/05/15, Modification date: 2017/03/15
Ports
tcp/445
File : C:\Windows\system32\MRT.exe Version : 5.34.12400.0 Release at last run : March 2016 Report infection information to Microsoft : Yes
66517 - Adobe Reader Enabled in Browser (Internet Explorer)
Synopsis
The remote host has Adobe Reader enabled for Internet Explorer.
Description
Adobe Reader is enabled in Internet Explorer.
Solution
Disable Adobe Reader unless it is needed.
Risk Factor
None
Plugin Information:
Publication date: 2013/05/20, Modification date: 2016/06/13
Ports
tcp/445
Adobe Reader is enabled for the following SIDs : S-1-5-21-2659951044-3182031200-318033672-500 S-1-5-21-2770019732-1922860174-1796585773-1105 S-1-5-21-2770019732-1922860174-1796585773-1142 Note that this check may be incomplete as Nessus can only check the SIDs of logged on users.
66542 - JavaScript Enabled in Adobe Reader
Synopsis
The remote Windows host has JavaScript enabled in Adobe Reader.
Description
JavaScript is enabled in Adobe Reader. Note that Nessus can only check the SIDs of logged on users, and thus the results may be incomplete.
Solution
Disable JavaScript in Adobe Reader unless it is needed.
Risk Factor
None
Plugin Information:
Publication date: 2013/05/22, Modification date: 2013/05/22
Ports
tcp/445
Nessus found JavaScript enabled for the following user and version of Adobe Reader : Version DC for SID S-1-5-21-2659951044-3182031200-318033672-500
68879 - Microsoft Lync Installed
Synopsis
A communication application is installed on the remote Windows host.
Description
Microsoft Lync (previously known as Microsoft Office Communications) is installed on the remote host. Microsoft Lync provides communications services such as instant messaging, VoIP, and video conferencing.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/07/14, Modification date: 2015/11/11
Ports
tcp/445
Nessus detected 2 installs of Microsoft Lync: Path : C:\Program Files (x86)\Microsoft Office\Office16\ Version : 16.0.4266.1001 Product : Microsoft Lync Path : C:\Program Files (x86)\Microsoft Office\Office16\ Version : 16.0.4266.1001 Product : Microsoft Lync Basic
71643 - Oracle Installed Software Enumeration (Windows)
Synopsis
It was possible to enumerate installed Oracle software on the remote Windows host.
Description
It was possible to enumerate installed Oracle software on the remote Windows host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/12/27, Modification date: 2017/04/03
Ports
tcp/445
Nessus found the following Oracle product on the remote host : Oracle home : OraDB12Home1 Installed top-level products - Oracle Database 12c 12.1.0.2.0
71644 - Oracle Database Patch Info (credentialed check)
Synopsis
It was possible to gather Oracle Database patch information with the supplied credentials.
Description
It was possible to gather Oracle Database patch information with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/12/27, Modification date: 2017/03/31
Ports
tcp/445
Nessus was able to determine the following patch information for the remote Oracle Database server : Oracle SID(s) : MDB Oracle home : c:\oracle\product\12.1.0\dbhome_1 Patch : 22310559 Unique Patch ID : 19785639 Patch Description : WINDOWS DB BUNDLE PATCH 12.1.0.2.160119(64bit):22310559 ------------------------------ snip ------------------------------
72367 - Microsoft Internet Explorer Version Detection
Synopsis
Internet Explorer is installed on the remote host.
Description
The remote Windows host contains Internet Explorer, a web browser created by Microsoft.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2014/02/06, Modification date: 2014/02/13
Ports
tcp/445
Version : 11.0.9600.18231
72879 - Microsoft Internet Explorer Enhanced Security Configuration Detection
Synopsis
The remote host supports IE Enhanced Security Configuration.
Description
Nessus detects if the remote Windows host supports IE Enhanced Security Configuration (ESC) and if IE ESC features are enabled or disabled.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2014/03/07, Modification date: 2017/04/03
Ports
tcp/445
Type : Admin Groups Is Enabled : False Type : User Groups Is Enabled : True
93232 - Microsoft Office Compatibility Pack Installed (credentialed check)
Synopsis
A compatibility application is installed on the remote host.
Description
Microsoft Office Compatibility Pack, used to enable older versions of Microsoft Office applications to view and edit files created with newer versions of Microsoft Office applications, is installed on the remote Windows host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2016/08/30, Modification date: 2017/03/03
Ports
tcp/445
Office Compatibility Pack is installed with the following components: Component : Excel Converter Version : 16.0.4266.1001 Path : C:\Program Files (x86)\Microsoft Office\Office16\Excelcnv.exe Component : Word Converter Version : 16.0.4266.1001 Path : C:\Program Files (x86)\Microsoft Office\Office16\Wordconv.exe
93234 - Microsoft Visio Viewer Installed (credentialed check)
Synopsis
A drawing viewing application is installed on the remote host.
Description
Microsoft Visio Viewer, used to view drawings created in Microsoft Visio, is installed on the remote Windows host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2016/08/30, Modification date: 2017/03/03
Ports
tcp/445
Path : C:\Program Files (x86)\Microsoft Office\Office16\vviewer.dll Version : 16.0.4266.1001 Product : 2016 Service Pack : unknown
97086 - Server Message Block (SMB) Protocol Version 1 Enabled
Synopsis
The remote Windows host supports the SMBv1 protocol.
Description
The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users disable SMBv1 per SMB best practices to mitigate these potential issues.
Solution
Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
None
Plugin Information:
Publication date: 2017/02/09, Modification date: 2017/03/09
Ports
tcp/445
SMBv1 server is enabled : - HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : NULL or missing SMB1protocol feature is enabled based on the following key : - HKLM\SYSTEM\CurrentControlSet\Services\srv
500/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/500
Port 500/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/500
The Win32 process 'svchost.exe' is listening on this port (pid 848). This process 'svchost.exe' (pid 848) is hosting the following Windows services : BITS (@%SystemRoot%\system32\qmgr.dll,-1000) CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11) gpsvc (@gpapi.dll,-112) IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) MMCSS (@%systemroot%\system32\mmcss.dll,-100) ProfSvc (@%systemroot%\system32\profsvc.dll,-300) Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) SENS (@%SystemRoot%\system32\Sens.dll,-200) SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026) ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) Themes (@%SystemRoot%\System32\themeservice.dll,-8192) Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
1521/tcp
10658 - Oracle Database tnslsnr Service Remote Version Disclosure
Synopsis
An Oracle tnslsnr service is listening on the remote port.
Description
The remote host is running the Oracle tnslsnr service, a network interface to Oracle databases. This product allows a remote user to determine the presence and version number of a given Oracle installation.
Solution
Filter incoming traffic to this port so that only authorized hosts can connect to it.
Risk Factor
None
Plugin Information:
Publication date: 2001/05/01, Modification date: 2014/07/11
Ports
tcp/1521
A TNS service is running on this port but it refused to honor an attempt to connect to it. (The TNS reply code was 4)
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/1521
Port 1521/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/1521
The Win32 process 'TNSLSNR.EXE' is listening on this port (pid 1424).
2000/tcp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/2000
Port 2000/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/2000
The Win32 process 'cagsrv.exe' is listening on this port (pid 2964).
2001/tcp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/2001
Port 2001/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/2001
The Win32 process 'PCUMonSrv.exe' is listening on this port (pid 1572). This process 'PCUMonSrv.exe' (pid 1572) is hosting the following Windows services : PCU400InfoMonitoring (ABB PCU400 Monitoring)
3341/tcp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/3341
Port 3341/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/3341
The Win32 process 'NmxAppLogService.exe' is listening on this port (pid 1284). This process 'NmxAppLogService.exe' (pid 1284) is hosting the following Windows services : NmxAppLogService (ABB NM Application Logger)
3389/tcp
18405 - Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness
Synopsis
It may be possible to get access to the remote host.
Description
The remote version of the Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man-in-the-middle (MiTM) attack. The RDP client makes no effort to validate the identity of the server when setting up encryption. An attacker with the ability to intercept traffic from the RDP server can establish encryption with the client and server without being detected. A MiTM attack of this nature would allow the attacker to obtain any sensitive information transmitted, including authentication credentials. This flaw exists because the RDP server stores a hard-coded RSA private key in the mstlsapi.dll library. Any local user with access to this file (on any Windows system) can retrieve the key and use it for this attack.
Solution
- Force the use of SSL as a transport layer for this service if supported, or/and
- Select the 'Allow connections only from computers running Remote Desktop with Network Level Authentication' setting if it is available.
Risk Factor
Medium
CVSS Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
4.6 (CVSS2#E:F/RL:W/RC:ND)
Plugin Information:
Publication date: 2005/06/01, Modification date: 2016/11/23
Ports
tcp/3389
10940 - Windows Terminal Services Enabled
Synopsis
The remote Windows host has Terminal Services enabled.
Description
Terminal Services allows a Windows user to remotely obtain a graphical login (and therefore act as a local user on the remote host). If an attacker gains a valid login and password, this service could be used to gain further access on the remote host. An attacker may also use this service to mount a dictionary attack against the remote host to try to log in remotely. Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for attackers to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable Terminal Services if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Plugin Information:
Publication date: 2002/04/20, Modification date: 2014/06/06
Ports
tcp/3389
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/3389
The Win32 process 'svchost.exe' is listening on this port (pid 1344). This process 'svchost.exe' (pid 1344) is hosting the following Windows services : TermService (@%SystemRoot%\System32\termsrv.dll,-268)
3389/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/3389
Port 3389/udp was found to be open
4500/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/4500
Port 4500/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/4500
The Win32 process 'svchost.exe' is listening on this port (pid 848). This process 'svchost.exe' (pid 848) is hosting the following Windows services : BITS (@%SystemRoot%\system32\qmgr.dll,-1000) CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11) gpsvc (@gpapi.dll,-112) IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) MMCSS (@%systemroot%\system32\mmcss.dll,-100) ProfSvc (@%systemroot%\system32\profsvc.dll,-300) Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) SENS (@%SystemRoot%\system32\Sens.dll,-200) SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026) ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) Themes (@%SystemRoot%\System32\themeservice.dll,-8192) Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
5355/udp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/5355
Port 5355/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/5355
The Win32 process 'svchost.exe' is listening on this port (pid 992). This process 'svchost.exe' (pid 992) is hosting the following Windows services : CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001) Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100) NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1) WinRM (@%Systemroot%\system32\wsmsvc.dll,-101)
5985/tcp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/5985
Port 5985/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/5985
The Win32 process 'System' is listening on this port (pid 4).
6661/tcp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/6661
Port 6661/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/6661
The Win32 process 'dcusrv.exe' is listening on this port (pid 2472).
6662/tcp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/6662
Port 6662/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/6662
The Win32 process 'dcusrv.exe' is listening on this port (pid 2472).
8009/tcp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/8009
Port 8009/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/8009
The Win32 process 'Tomcat7.exe' is listening on this port (pid 1656). This process 'Tomcat7.exe' (pid 1656) is hosting the following Windows services : Tomcat7 (Apache Tomcat 7.0 Tomcat7)
8080/tcp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/8080
Port 8080/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/8080
The Win32 process 'Tomcat7.exe' is listening on this port (pid 1656). This process 'Tomcat7.exe' (pid 1656) is hosting the following Windows services : Tomcat7 (Apache Tomcat 7.0 Tomcat7)
47001/tcp
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/47001
Port 47001/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/47001
The Win32 process 'System' is listening on this port (pid 4).
49152/tcp
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49152
The following DCERPC services are available on TCP port 49152 : Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 49152 IP : 192.168.109.23
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49152
Port 49152/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49152
The Win32 process 'wininit.exe' is listening on this port (pid 444).
49153/tcp
90510 - MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept communications between a client and a server hosting a SAM database can exploit this to force the authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the SAM database.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
BID: 86002
CVE: CVE-2016-0128
XREF: OSVDB:136339
XREF: MSFT:MS16-047
XREF: CERT:813296
XREF: IAVA:2016-A-0093
Plugin Information:
Publication date: 2016/04/13, Modification date: 2016/07/19
Ports
tcp/49153
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49153
The following DCERPC services are available on TCP port 49153 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Remote RPC service TCP Port : 49153 IP : 192.168.109.23 Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Remote RPC service TCP Port : 49153 IP : 192.168.109.23 Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0 Description : Unknown RPC service Annotation : RemoteAccessCheck Type : Remote RPC service TCP Port : 49153 IP : 192.168.109.23
34220 - Netstat Portscanner (WMI)
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49153
Port 49153/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49153
The Win32 process 'lsass.exe' is listening on this port (pid 544). This process 'lsass.exe' (pid 544) is hosting the following Windows services : Netlogon (@%SystemRoot%\System32\netlogon.dll,-102) SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
49154/tcp
|
10736 - DCE Services Enumeration |
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49154
The following DCERPC services are available on TCP port 49154 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.109.23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.109.23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0
Description : Unknown RPC service
Annotation : Wcm Service
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.109.23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.109.23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.109.23
|
34220 - Netstat Portscanner (WMI) |
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49154
Port 49154/tcp was found to be open
|
34252 - Microsoft Windows Remote Listeners Enumeration (WMI) |
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49154
The Win32 process 'svchost.exe' is listening on this port (pid 816).
This process 'svchost.exe' (pid 816) is hosting the following Windows services :
Audiosrv (@%SystemRoot%\system32\audiosrv.dll,-200)
Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100)
EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200)
lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101)
Wcmsvc (@%SystemRoot%\System32\wcmsvc.dll,-4097)
49155/tcp
|
10736 - DCE Services Enumeration |
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49155
The following DCERPC services are available on TCP port 49155 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.109.23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.109.23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.109.23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.109.23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.109.23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.109.23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.109.23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.109.23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1a0d010f-1c33-432c-b0f5-8cf4e8053099, version 1.0
Description : Unknown RPC service
Annotation : IdSegSrv service
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.109.23

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.109.23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.109.23
|
34220 - Netstat Portscanner (WMI) |
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49155
Port 49155/tcp was found to be open
|
34252 - Microsoft Windows Remote Listeners Enumeration (WMI) |
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49155
The Win32 process 'svchost.exe' is listening on this port (pid 848).
This process 'svchost.exe' (pid 848) is hosting the following Windows services :
BITS (@%SystemRoot%\system32\qmgr.dll,-1000)
CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
gpsvc (@gpapi.dll,-112)
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
MMCSS (@%systemroot%\system32\mmcss.dll,-100)
ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
SENS (@%SystemRoot%\system32\Sens.dll,-200)
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
Themes (@%SystemRoot%\System32\themeservice.dll,-8192)
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
49156/tcp
|
10736 - DCE Services Enumeration |
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49156
The following DCERPC services are available on TCP port 49156 :

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
TCP Port : 49156
IP : 192.168.109.23

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
TCP Port : 49156
IP : 192.168.109.23
|
34220 - Netstat Portscanner (WMI) |
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49156
Port 49156/tcp was found to be open
|
34252 - Microsoft Windows Remote Listeners Enumeration (WMI) |
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49156
The Win32 process 'lsass.exe' is listening on this port (pid 544).
This process 'lsass.exe' (pid 544) is hosting the following Windows services :
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
49181/tcp
|
10736 - DCE Services Enumeration |
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49181
The following DCERPC services are available on TCP port 49181 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49181
IP : 192.168.109.23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49181
IP : 192.168.109.23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49181
IP : 192.168.109.23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49181
IP : 192.168.109.23

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49181
IP : 192.168.109.23
|
34220 - Netstat Portscanner (WMI) |
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49181
Port 49181/tcp was found to be open
|
34252 - Microsoft Windows Remote Listeners Enumeration (WMI) |
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49181
The Win32 process 'spoolsv.exe' is listening on this port (pid 1192).
This process 'spoolsv.exe' (pid 1192) is hosting the following Windows services :
Spooler (@%systemroot%\system32\spoolsv.exe,-1)
49200/tcp
|
34220 - Netstat Portscanner (WMI) |
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49200
Port 49200/tcp was found to be open
|
34252 - Microsoft Windows Remote Listeners Enumeration (WMI) |
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49200
The Win32 process 'NmxAppLogService.exe' is listening on this port (pid 1284).
This process 'NmxAppLogService.exe' (pid 1284) is hosting the following Windows services :
NmxAppLogService (ABB NM Application Logger)
49225/tcp
|
10736 - DCE Services Enumeration |
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49225
The following DCERPC services are available on TCP port 49225 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
Windows process : svchost.exe
Type : Remote RPC service
TCP Port : 49225
IP : 192.168.109.23
|
34220 - Netstat Portscanner (WMI) |
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49225
Port 49225/tcp was found to be open
|
34252 - Microsoft Windows Remote Listeners Enumeration (WMI) |
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49225
The Win32 process 'services.exe' is listening on this port (pid 536).
49227/tcp
|
10736 - DCE Services Enumeration |
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/49227
The following DCERPC services are available on TCP port 49227 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service
Annotation : Remote Fw APIs
Type : Remote RPC service
TCP Port : 49227
IP : 192.168.109.23
|
34220 - Netstat Portscanner (WMI) |
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
tcp/49227
Port 49227/tcp was found to be open
|
34252 - Microsoft Windows Remote Listeners Enumeration (WMI) |
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
tcp/49227
The Win32 process 'svchost.exe' is listening on this port (pid 1592).
This process 'svchost.exe' (pid 1592) is hosting the following Windows services :
PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010)
55103/udp
|
34220 - Netstat Portscanner (WMI) |
Synopsis
The list of open ports could be retrieved via netstat.
Description
Using the WMI interface, it was possible to get the open ports by running the netstat command remotely.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/16, Modification date: 2017/04/03
Ports
udp/55103
Port 55103/udp was found to be open
|
34252 - Microsoft Windows Remote Listeners Enumeration (WMI) |
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/23, Modification date: 2017/04/03
Ports
udp/55103
The Win32 process 'HVAMonitor.exe' is listening on this port (pid 4088).
192.168.109.201
Scan Information
| Start time: | Wed Apr 12 01:01:19 2017 |
| End time: | Wed Apr 12 01:10:27 2017 |
Host Information
| OS: | AIX 5.3, FreeBSD 3.4, FreeBSD 3.5, FreeBSD 4.2, FreeBSD 4.3 |
Results Summary
| Critical | High | Medium | Low | Info | Total |
| 0 | 0 | 0 | 0 | 4 | 4 |
Results Details
0/tcp
|
19506 - Nessus Scan Information |
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2017/02/24
Ports
tcp/0
Information about this scan :
Nessus version : 6.10.4
Plugin feed version : 201704110615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Credentialed Patch Audit
Scanner IP : 192.168.109.112
Port scanner(s) : nessus_syn_scanner
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2017/4/12 1:01 W. Europe Standard Time
Scan duration : 544 sec
80/tcp
|
11219 - Nessus SYN scanner |
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/80
Port 80/tcp was found to be open
443/tcp
|
11219 - Nessus SYN scanner |
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/443
Port 443/tcp was found to be open
2404/tcp
|
11219 - Nessus SYN scanner |
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/2404
Port 2404/tcp was found to be open
10.1.1.1
Scan Information
| Start time: | Wed Apr 12 01:01:47 2017 |
| End time: | Wed Apr 12 01:11:32 2017 |
Host Information
| OS: | FreeBSD 10.3-RELEASE-p5 (amd64) |
Results Summary
| Critical | High | Medium | Low | Info | Total |
| 0 | 0 | 0 | 0 | 4 | 4 |
Results Details
0/tcp
|
19506 - Nessus Scan Information |
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2017/02/24
Ports
tcp/0
Information about this scan :
Nessus version : 6.10.4
Plugin feed version : 201704110615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Credentialed Patch Audit
Scanner IP : 10.1.1.112
Port scanner(s) : nessus_syn_scanner
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2017/4/12 1:01 W. Europe Standard Time
Scan duration : 581 sec
53/tcp
|
11219 - Nessus SYN scanner |
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/53
Port 53/tcp was found to be open
80/tcp
|
11219 - Nessus SYN scanner |
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/80
Port 80/tcp was found to be open
443/tcp
|
11219 - Nessus SYN scanner |
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/443
Port 443/tcp was found to be open
10.1.1.11
Scan Information
| Start time: | Wed Apr 12 01:02:00 2017 |
| End time: | Wed Apr 12 01:11:37 2017 |
Host Information
| OS: | Linux Kernel 3.1, Linux Kernel 3.3 |
Results Summary
| Critical | High | Medium | Low | Info | Total |
| 0 | 0 | 0 | 0 | 2 | 2 |
Results Details
0/tcp
|
19506 - Nessus Scan Information |
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2017/02/24
Ports
tcp/0
Information about this scan :
Nessus version : 6.10.4
Plugin feed version : 201704110615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Credentialed Patch Audit
Scanner IP : 10.1.1.112
Port scanner(s) : nessus_syn_scanner
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2017/4/12 1:02 W. Europe Standard Time
Scan duration : 573 sec
443/tcp
|
11219 - Nessus SYN scanner |
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/443
Port 443/tcp was found to be open
10.1.1.13
Scan Information
| Start time: | Wed Apr 12 01:02:13 2017 |
| End time: | Wed Apr 12 01:12:26 2017 |
Host Information
| OS: | EPSON Stylus Printer, Linksys Wireless Access Point, Oracle Integrated Lights Out Manager |
Results Summary
| Critical | High | Medium | Low | Info | Total |
| 0 | 0 | 0 | 0 | 3 | 3 |
Results Details
0/tcp
|
19506 - Nessus Scan Information |
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2017/02/24
Ports
tcp/0
Information about this scan :
Nessus version : 6.10.4
Plugin feed version : 201704110615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Credentialed Patch Audit
Scanner IP : 10.1.1.112
Port scanner(s) : nessus_syn_scanner
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2017/4/12 1:02 W. Europe Standard Time
Scan duration : 609 sec
443/tcp
|
11219 - Nessus SYN scanner |
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/443
Port 443/tcp was found to be open
8900/tcp
|
11219 - Nessus SYN scanner |
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/8900
Port 8900/tcp was found to be open
10.1.1.15
Scan Information
| Start time: | Wed Apr 12 01:02:26 2017 |
| End time: | Wed Apr 12 01:12:50 2017 |
Host Information
| OS: | Linux Kernel 3.1, Linux Kernel 3.3 |
Results Summary
| Critical | High | Medium | Low | Info | Total |
| 0 | 0 | 0 | 0 | 3 | 3 |
Results Details
0/tcp
|
19506 - Nessus Scan Information |
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2017/02/24
Ports
tcp/0
Information about this scan :
Nessus version : 6.10.4
Plugin feed version : 201704110615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Credentialed Patch Audit
Scanner IP : 10.1.1.112
Port scanner(s) : nessus_syn_scanner
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2017/4/12 1:02 W. Europe Standard Time
Scan duration : 620 sec
443/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/443
Port 443/tcp was found to be open
9001/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/9001
Port 9001/tcp was found to be open
10.1.1.112
Scan Information
| Start time: | Wed Apr 12 01:02:26 2017 |
| End time: | Wed Apr 12 01:13:41 2017 |
Host Information
| DNS Name: | WIN-2TCJ08A60LE |
| Netbios Name: | WIN-2TCJ08A60LE |
| IP: | 10.1.1.112 |
| OS: | Microsoft Windows Server 2012 R2 Datacenter |
Results Summary
| Critical | High | Medium | Low | Info | Total |
| 11 | 151 | 50 | 5 | 69 | 286 |
Results Details
0/tcp
96453 - Adobe Reader < 11.0.19 / 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01)
Synopsis
The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe Reader installed on the remote Windows host is prior to 11.0.19, 15.006.30279, or 15.023.20053. It is, therefore, affected by multiple vulnerabilities :
- Multiple memory corruption issues exist due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2943, CVE-2017-2944, CVE-2017-2953, CVE-2017-2954)
- Multiple heap buffer overflow conditions exist due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2017-2942, CVE-2017-2945, CVE-2017-2959)
- A heap buffer overflow condition exists when handling JPEG2000 images due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2946)
- An unspecified security bypass vulnerability exists that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2017-2947)
- Multiple overflow conditions exist due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2017-2948, CVE-2017-2952)
- A heap buffer overflow condition exists when handling the XSLT element-available() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-2949)
- Multiple use-after-free memory errors exist when handling XFA subform layouts, hyphenation objects, field font sizes, and template objects. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2017-2950, CVE-2017-2951, CVE-2017-2961, CVE-2017-2967)
- Multiple use-after-free memory errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958)
- Multiple memory corruption issues exist when handling JPEG and TIFF files due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2017-2960, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965)
- A type confusion error exists when handling the XSLT lang() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-2962)
- A heap buffer overflow condition exists in the ImageConversion component when handling TIFF images() due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2966)
- A buffer overflow condition exists in the JPEG2000 parser due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-3009)
- A memory corruption issue exists in the Rendering engine due to improper validation of unspecified input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-3010)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Adobe Reader version 11.0.19 / 15.006.30279 / 15.023.20053 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2017/01/12, Modification date: 2017/04/03
Ports
tcp/0
Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader
Installed version : 15.20.20039.203716
Fixed version : 11.0.19 / 15.006.30279 / 15.023.20053
10913 - Microsoft Windows - Local Users Information : Disabled Accounts
Synopsis
At least one local user account has been disabled.
Description
Using the supplied credentials, Nessus was able to list local user accounts that have been disabled.
Solution
Delete accounts that are no longer needed.
Risk Factor
None
References
Plugin Information:
Publication date: 2002/03/17, Modification date: 2017/01/26
Ports
tcp/0
The following local user account has been disabled :
- Guest
Note that, in addition to the Administrator and Guest accounts, Nessus has only checked for local users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate local users' setting, and then re-run the scan.
10914 - Microsoft Windows - Local Users Information : Never Changed Passwords
Synopsis
At least one local user has never changed his or her password.
Description
Using the supplied credentials, Nessus was able to list local users who have never changed their passwords.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
References
Plugin Information:
Publication date: 2002/03/17, Modification date: 2017/01/26
Ports
tcp/0
The following local user has never changed his/her password :
- Guest
Note that, in addition to the Administrator and Guest accounts, Nessus has only checked for local users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate local users' setting, and then re-run the scan.
10915 - Microsoft Windows - Local Users Information : User Has Never Logged In
Synopsis
At least one local user has never logged into his or her account.
Description
Using the supplied credentials, Nessus was able to list local users who have never logged into their accounts.
Solution
Delete accounts that are not needed.
Risk Factor
None
References
Plugin Information:
Publication date: 2002/03/17, Modification date: 2017/01/26
Ports
tcp/0
The following local user has never logged in :
- Guest
Note that, in addition to the Administrator and Guest accounts, Nessus has only checked for local users with UIDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate local users' setting, and then re-run the scan.
12634 - Authenticated Check : OS Name and Installed Package Enumeration
Synopsis
This plugin gathers information about the remote host via an authenticated session.
Description
This plugin logs into the remote host using SSH, RSH, RLOGIN, Telnet, or local commands and extracts the list of installed packages. If using SSH, the scan should be configured with a valid SSH public key and possibly an SSH passphrase (if the SSH public key is protected by a passphrase).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/07/06, Modification date: 2017/04/10
Ports
tcp/0
Nessus can run commands on localhost to check if patches are applied. However, the execution of the command "uname -a" failed, so local security checks have not been enabled.
19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2017/02/24
Ports
tcp/0
Information about this scan :
Nessus version : 6.10.4
Plugin feed version : 201704110615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Credentialed Patch Audit
Scanner IP : 10.1.1.112
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as '10.1.1.112\Administrator' via SMB
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2017/4/12 1:02 W. Europe Standard Time
Scan duration : 675 sec
38153 - Microsoft Windows Summary of Missing Patches
Synopsis
The remote host is missing several Microsoft security patches.
Description
This plugin summarizes updates for Microsoft Security Bulletins that have not been installed on the remote Windows host based on the results of either a credentialed check using the supplied credentials or a check done using a supported third-party patch management tool. Review the summary and apply any missing updates in order to be up-to-date.
Solution
Run Windows Update on the remote host or use a patch management solution.
Risk Factor
None
Plugin Information:
Publication date: 2009/04/24, Modification date: 2013/02/04
Ports
tcp/0
The patches for the following bulletins are missing on the remote host : - MS11-025 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-025 ) - MS13-080 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-080 ) - MS13-088 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-088 ) - MS13-089 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-089 ) - MS13-090 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-090 ) - MS13-095 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-095 ) - MS13-097 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-097 ) - MS13-098 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-098 ) - MS13-099 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-099 ) - MS13-101 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-101 ) - MS14-005 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-005 ) - MS14-007 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-007 ) - MS14-009 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-009 ) - MS14-010 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-010 ) - MS14-011 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-011 ) - MS14-012 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-012 ) - MS14-015 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-015 ) - MS14-018 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-018 ) - MS14-019 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-019 ) - MS14-021 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-021 ) - MS14-026 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-026 ) - MS14-027 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-027 ) - MS14-029 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-029 ) - MS14-030 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-030 ) - MS14-031 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-031 ) - 
MS14-033 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-033 ) - MS14-035 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-035 ) - MS14-036 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-036 ) - MS14-037 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-037 ) - MS14-039 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-039 ) - MS14-040 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-040 ) - MS14-047 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-047 ) - MS14-049 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-049 ) - MS14-053 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-053 ) - MS14-054 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-054 ) - MS14-057 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-057 ) - MS14-058 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-058 ) - MS14-060 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-060 ) - MS14-064 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-064 ) - MS14-066 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-066 ) - MS14-068 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-068 ) - MS14-071 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-071 ) - MS14-072 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-072 ) - MS14-074 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-074 ) - MS14-079 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-079 ) - MS14-085 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-085 ) - MS15-001 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-001 ) - MS15-003 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-003 ) - MS15-004 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-004 ) - MS15-005 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-005 ) - MS15-006 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-006 ) 
- MS15-007 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-007 ) - MS15-009 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-009 ) - MS15-010 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-010 ) - MS15-014 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-014 ) - MS15-015 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-015 ) - MS15-016 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-016 ) - MS15-018 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-018 ) - MS15-020 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-020 ) - MS15-021 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-021 ) - MS15-023 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-023 ) - MS15-024 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-024 ) - MS15-025 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-025 ) - MS15-028 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-028 ) - MS15-029 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-029 ) - MS15-030 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-030 ) - MS15-031 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-031 ) - MS15-032 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-032 ) - MS15-034 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-034 ) - MS15-038 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-038 ) - MS15-041 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-041 ) - MS15-043 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-043 ) - MS15-044 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-044 ) - MS15-048 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-048 ) - MS15-050 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-050 ) - MS15-051 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-051 ) - MS15-052 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-052 
) - MS15-054 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-054 ) - MS15-055 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-055 ) - MS15-056 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-056 ) - MS15-060 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-060 ) - MS15-061 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-061 ) - MS15-065 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-065 ) - MS15-068 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-068 ) - MS15-069 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-069 ) - MS15-072 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-072 ) - MS15-073 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-073 ) - MS15-074 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-074 ) - MS15-075 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-075 ) - MS15-076 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-076 ) - MS15-077 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-077 ) - MS15-078 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-078 ) - MS15-080 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-080 ) - MS15-082 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-082 ) - MS15-084 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-084 ) - MS15-085 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-085 ) - MS15-088 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-088 ) - MS15-090 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-090 ) - MS15-096 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-096 ) - MS15-097 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-097 ) - MS15-101 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-101 ) - MS15-102 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-102 ) - MS15-109 ( 
http://technet.microsoft.com/en-us/security/bulletin/ms15-109 ) - MS15-111 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-111 ) - MS15-115 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-115 ) - MS15-118 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-118 ) - MS15-119 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-119 ) - MS15-120 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-120 ) - MS15-121 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-121 ) - MS15-122 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-122 ) - MS15-124 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-124 ) - MS15-128 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-128 ) - MS15-132 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-132 ) - MS15-133 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-133 ) - MS15-135 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-135 ) - MS16-005 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-005 ) - MS16-007 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-007 ) - MS16-008 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-008 ) - MS16-012 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-012 ) - MS16-014 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-014 ) - MS16-017 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-017 ) - MS16-018 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-018 ) - MS16-020 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-020 ) - MS16-021 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-021 ) - MS16-026 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-026 ) - MS16-028 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-028 ) - MS16-030 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-030 ) - MS16-032 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-032 ) - MS16-033 
( http://technet.microsoft.com/en-us/security/bulletin/ms16-033 ) - MS16-034 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-034 ) - MS16-039 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-039 ) - MS16-040 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-040 ) - MS16-044 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-044 ) - MS16-047 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-047 ) - MS16-048 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-048 ) - MS16-055 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-055 ) - MS16-057 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-057 ) - MS16-060 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-060 ) - MS16-061 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-061 ) - MS16-062 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-062 ) - MS16-063 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-063 ) - MS16-067 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-067 ) - MS16-072 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-072 ) - MS16-073 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-073 ) - MS16-074 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-074 ) - MS16-075 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-075 ) - MS16-076 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-076 ) - MS16-077 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-077 ) - MS16-080 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-080 ) - MS16-082 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-082 ) - MS16-087 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-087 ) - MS16-090 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-090 ) - MS16-092 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-092 ) - MS16-094 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-094 ) - 
MS16-097 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-097 ) - MS16-098 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-098 ) - MS16-100 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-100 ) - MS16-101 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-101 ) - MS16-102 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-102 ) - MS16-106 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-106 ) - MS16-111 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-111 ) - MS16-112 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-112 ) - MS16-114 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-114 ) - MS16-115 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-115 ) - MS16-116 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-116 ) - MS16-118 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-118 ) - MS16-120 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-120 ) - MS16-123 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-123 ) - MS16-124 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-124 ) - MS16-130 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-130 ) - MS16-132 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-132 ) - MS16-134 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-134 ) - MS16-135 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-135 ) - MS16-137 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-137 ) - MS16-138 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-138 ) - MS16-140 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-140 ) - MS16-142 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-142 ) - MS16-144 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-144 ) - MS16-146 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-146 ) - MS16-147 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-147 ) 
- MS16-149 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-149 ) - MS16-151 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-151 ) - MS16-153 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-153 ) - MS17-006 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-006 ) - MS17-009 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-009 ) - MS17-010 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-010 ) - MS17-011 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-011 ) - MS17-012 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-012 ) - MS17-013 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-013 ) - MS17-016 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-016 ) - MS17-017 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-017 ) - MS17-018 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-018 ) - MS17-021 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-021 ) - MS17-022 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-022 )
66334 - Patch Report
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information:
Publication date: 2013/07/08, Modification date: 2017/03/14
Ports
tcp/0
. Microsoft Operating System Patches : + To patch the remote system, you need to install the following Microsoft patches : - KB4012213 (MS17-022) (3 vulnerabilities) - KB4012216 (MS17-022) (3 vulnerabilities) - KB4012213 (MS17-021) - KB4012216 (MS17-021) - KB4012213 (MS17-018) - KB4012216 (MS17-018) - KB4012213 (MS17-017) (2 vulnerabilities) - KB4012216 (MS17-017) (2 vulnerabilities) - KB4012213 (MS17-016) - KB4012216 (MS17-016) - KB4012213 (MS17-013) (11 vulnerabilities) - KB4012216 (MS17-013) (11 vulnerabilities) - KB4012213 (MS17-012) - KB4012216 (MS17-012) - KB4012213 (MS17-011) (2 vulnerabilities) - KB4012216 (MS17-011) (2 vulnerabilities) - KB4012213 (MS17-010) - KB4012216 (MS17-010) - KB4012213 (MS17-009) - KB4012216 (MS17-009) - KB4012204 (MS17-006) (4 vulnerabilities) - KB4012216 (MS17-006) (4 vulnerabilities) - KB3205400 (MS16-153) (2 vulnerabilities) - KB3205401 (MS16-153) (2 vulnerabilities) - KB3205400 (MS16-149) (7 vulnerabilities) - KB3205401 (MS16-149) (7 vulnerabilities) - KB3197873 (MS16-142) (4 vulnerabilities) - KB3197874 (MS16-142) (4 vulnerabilities) - KB3197873 (MS16-140) - KB3197874 (MS16-140) - KB3197873 (MS16-138) - KB3197874 (MS16-138) - KB3197873 (MS16-132) (7 vulnerabilities) - KB3197874 (MS16-132) (7 vulnerabilities) - KB3197873 (MS16-130) (3 vulnerabilities) - KB3197874 (MS16-130) (3 vulnerabilities) - KB3185331 (MS16-124) (2 vulnerabilities) - KB3192392 (MS16-124) (2 vulnerabilities) - KB3185331 (MS16-123) (2 vulnerabilities) - KB3192392 (MS16-123) (2 vulnerabilities) - KB3184943 (MS16-115) (1 vulnerabilities) - KB3178539 (MS16-112) - KB3185911 (MS16-106) (35 vulnerabilities) - KB3172729 (MS16-100) - KB3172727 (MS16-094) - KB3170455 (MS16-087) (1 vulnerabilities) - KB3161958 (MS16-082) - KB3157569 (MS16-080) (2 vulnerabilities) - KB3161949 (MS16-077) - KB3162343 (MS16-076) (1 vulnerabilities) - KB3161561 (MS16-075) (1 vulnerabilities) - KB3159398 (MS16-072) - KB3155784 (MS16-067) - KB3153704 (MS16-061) (2 vulnerabilities) - KB3156059 
(MS16-057) - KB3146723 (MS16-048) (1 vulnerabilities) - KB3149090 (MS16-047) (2 vulnerabilities) - KB3146706 (MS16-044) (1 vulnerabilities) - KB3139398 (MS16-033) - KB3139914 (MS16-032) - KB3139940 (MS16-030) (4 vulnerabilities) - KB3133043 (MS16-021) (1 vulnerabilities) - KB3134222 (MS16-020) (1 vulnerabilities) - KB3126446 (MS16-017) (2 vulnerabilities) - KB3126041 (MS16-014) (6 vulnerabilities) - KB3126434 (MS16-014) (6 vulnerabilities) - KB3126587 (MS16-014) (6 vulnerabilities) - KB3126593 (MS16-014) (6 vulnerabilities) - KB3109094 (MS15-135) (1 vulnerabilities) - KB3109103 (MS15-133) - KB3108347 (MS15-132) (3 vulnerabilities) - KB3102939 (MS15-120) - KB3092601 (MS15-119) (2 vulnerabilities) - KB3097997 (MS15-118) (4 vulnerabilities) - KB3098779 (MS15-118) (4 vulnerabilities) - KB3080446 (MS15-109) (4 vulnerabilities) - KB3084135 (MS15-102) (1 vulnerabilities) - KB3074228 (MS15-101) (2 vulnerabilities) - KB3074548 (MS15-101) (2 vulnerabilities) - KB3060716 (MS15-090) (1 vulnerabilities) - KB3071756 (MS15-085) (8 vulnerabilities) - KB3076895 (MS15-084) (3 vulnerabilities) - KB3075220 (MS15-082) (1 vulnerabilities) - KB3046359 (MS15-068) - KB3059317 (MS15-060) (1 vulnerabilities) - KB3045171 (MS15-051) (1 vulnerabilities) - KB3055642 (MS15-050) - KB3037579 (MS15-041) (1 vulnerabilities) - KB3042553 (MS15-034) - KB3035126 (MS15-029) - KB3030377 (MS15-028) - KB3004361 (MS15-014) - KB3004365 (MS15-006) (1 vulnerabilities) - KB3022777 (MS15-005) - KB3019978 (MS15-004) - KB3021674 (MS15-003) - KB2978126 (MS14-072) (3 vulnerabilities) - KB2977765 (MS14-053) (1 vulnerabilities) - KB2961858 (MS14-031) (1 vulnerabilities) - KB2912390 (MS14-007) - KB2892074 (MS13-099) - KB2893294 (MS13-098) - KB2868626 (MS13-095) - KB2900986 (MS13-090) (1 vulnerabilities) - KB2565063 (MS11-025) (1 vulnerabilities) . 
You need to take the following 3 actions :
[ Adobe Reader < 11.0.19 / 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01) (96453) ]
+ Action to take : Upgrade to Adobe Reader version 11.0.19 / 15.006.30279 / 15.023.20053 or later.
+ Impact : Taking this action will resolve 31 different vulnerabilities (CVEs).
[ Mozilla Firefox < 52.0.1 CreateImageBitmap RCE (99125) ]
+ Action to take : Upgrade to Mozilla Firefox version 52.0.1 or later.
+ Impact : Taking this action will resolve 86 different vulnerabilities (CVEs).
[ Wireshark 2.0.x < 2.0.11 / 2.2.x < 2.2.5 Multiple DoS (97574) ]
+ Action to take : Upgrade to Wireshark version 2.0.11 / 2.2.5 or later.
+ Impact : Taking this action will resolve 5 different vulnerabilities (CVEs).
135/tcp
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/135
The following DCERPC services are available locally :
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/135
Port 135/tcp was found to be open
137/udp
10150 - Windows NetBIOS / SMB Remote Host Information Disclosure
Synopsis
It was possible to obtain the network name of the remote host.
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests. Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 1999/10/12, Modification date: 2016/12/28
Ports
udp/137
The following 3 NetBIOS names have been gathered :
WIN-2TCJ08A60LE = Computer name
WORKGROUP = Workgroup / Domain name
WIN-2TCJ08A60LE = File Server Service
The remote host has the following MAC address on its adapter :
00:0c:29:65:4a:a4
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/137
Port 137/udp was found to be open
138/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/138
Port 138/udp was found to be open
139/tcp
11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2002/06/05, Modification date: 2015/06/02
Ports
tcp/139
An SMB server is running on this port.
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/139
Port 139/tcp was found to be open
445/tcp
40362 - Mozilla Foundation Unsupported Application Detection
Synopsis
The remote host contains one or more unsupported applications from the Mozilla Foundation.
Description
According to its version, there is at least one unsupported Mozilla application (Firefox, Thunderbird, and/or SeaMonkey) installed on the remote host. This version of the software is no longer actively maintained. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
See Also
Solution
Upgrade to a version that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Publication date: 2009/07/24, Modification date: 2017/03/31
Ports
tcp/445
Product : Mozilla Firefox
Path : C:\Program Files\Mozilla Firefox
Installed version : 49.0.2
Latest version : 52.0.2
EOL URL : https://wiki.mozilla.org/Releases#Previous_Releases
62758 - Microsoft XML Parser (MSXML) and XML Core Services Unsupported
Synopsis
The remote Windows host contains unsupported XML parsers.
Description
The remote host contains one or more unsupported versions of the Microsoft XML Parser (MSXML) or XML Core Services. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. Note that support for MSXML 3.0 and 6.0 is based on the support policy of the operating system on which it is installed. Support for MSXML 5.0 is based on the Microsoft Office lifecycle policy.
See Also
Solution
Upgrade the software packages responsible for the unsupported DLL versions or upgrade to a supported version of Windows (Vista / 2008 or later). Alternatively, uninstall the outdated MSXML or XML Core Services.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Publication date: 2012/10/30, Modification date: 2017/01/14
Ports
tcp/445
Path : C:\Windows\SysWOW64\msxml4.dll
File version : 4.30.2100.0
XML Core version : 4.0 Post SP3 (KB2758694)
EOL date : 2014/04/12
EOL announcement : https://support.microsoft.com/en-us/lifecycle/search/7921
Supported versions : 5.20.1076 (Office 2007) / 6.0 or later on a supported version of Windows (Vista / 2008 or later).
72704 - Microsoft .NET Framework Unsupported
Synopsis
The remote Windows host has an unsupported framework installed.
Description
The remote Windows host has at least one unsupported version of the Microsoft .NET Framework installed. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
See Also
Solution
Upgrade to a version of the Microsoft .NET Framework that is currently supported.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Publication date: 2014/02/26, Modification date: 2016/12/06
Ports
tcp/445
The following Microsoft .NET Framework version is no longer supported :
Installed version : Microsoft .NET Framework v4.5.1
EOL date : January 12, 2016
EOL URL : http://support.microsoft.com/lifecycle/search/?sort=pn&alpha=.net+framework
Supported versions : 3.5 / 4.5.2 / 4.6 / 4.6.1 / 4.6.2
73985 - MS14-026: Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)
Synopsis
The version of the .NET Framework installed on the remote host is affected by a privilege escalation vulnerability.
Description
The remote Windows host has a version of the Microsoft .NET Framework that is affected by a privilege escalation vulnerability due to the way that .NET Framework handles TypeFilterLevel checks for some malformed objects. Note that this vulnerability only affects applications that use .NET Remoting.
See Also
Solution
Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, and 4.5.1.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2014/05/14, Modification date: 2016/07/01
Ports
tcp/445
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.runtime.remoting.dll has not been patched.
  Remote version : 4.0.30319.33440
  Should be : 4.0.30319.34107
78432 - MS14-057: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
Synopsis
The version of the .NET Framework installed on the remote host is affected by a denial of service vulnerability.
Description
The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability that allows a remote attacker to execute code remotely.
See Also
Solution
Microsoft has released a set of patches for .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and 4.5.2.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2014/10/15, Modification date: 2016/07/01
Ports
tcp/445
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.deployment.dll has not been patched.
  Remote version : 4.0.30319.33440
  Should be : 4.0.30319.34243
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.deployment.dll has not been patched.
  Remote version : 4.0.30319.33440
  Should be : 4.0.30319.34243
79127 - MS14-066: Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability due to improper processing of packets by the Secure Channel (Schannel) security package. An attacker can exploit this issue by sending specially crafted packets to a Windows server.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:ND)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2014/11/12, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\Schannel.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17385
82771 - MS15-034: Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)
Synopsis
The remote Windows host is affected by a vulnerability in the HTTP protocol stack.
Description
The version of Windows running on the remote host is affected by a vulnerability in the HTTP protocol stack (HTTP.sys) due to improperly parsing crafted HTTP requests. A remote attacker can exploit this to execute arbitrary code with System privileges.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 8.1, 2012, and 2012 R2.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.7 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
I
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2015/04/14, Modification date: 2015/05/19
Ports
tcp/445
- C:\Windows\system32\drivers\http.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17712
88644 - MS16-012: Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple code execution vulnerabilities :
- A remote code execution vulnerability exists in Windows Reader. An attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2016-0046)
- A flaw exists in the Microsoft Windows PDF Library due to improper handling of API calls. An attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2016-0058).
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, 2012 R2, and 10.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/02/09, Modification date: 2016/04/29
Ports
tcp/445
- C:\Windows\system32\glcndfilter.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18184
91605 - MS16-077: Security Update for WPAD (3165191)
Synopsis
The remote host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities :
- An elevation of privilege vulnerability exists in the Web Proxy Auto Discovery (WPAD) protocol due to improper handling of the proxy discovery process. A remote attacker can exploit this, by responding to NetBIOS name requests for WPAD, to bypass security restrictions and gain elevated privileges. (CVE-2016-3213)
- An elevation of privilege vulnerability exists in the Web Proxy Auto Discovery (WPAD) protocol due to improper handling of certain proxy discovery scenarios. A remote attacker can exploit this to elevate privileges, resulting in the ability to disclose or control network traffic. (CVE-2016-3236)
- An elevation of privilege vulnerability exists in NetBIOS due to improper handling of responses. A remote attacker can exploit this, via specially crafted NetBIOS responses, to appear as a trusted network device, resulting in the ability to render untrusted content in a browser outside of Enhanced Protected Mode (EPM) or an application container. (CVE-2016-3299)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, RT 8.1, 2012 R2, and 10. Note that cumulative update 3160005 in MS16-063 must also be installed in order to fully resolve CVE-2016-3213.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/08/10
Ports
tcp/445
- C:\Windows\system32\ws2_32.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18340
97737 - MS17-010: Security Update for Microsoft Windows SMB Server (4013389)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by the following vulnerabilities :
- Multiple remote code execution vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted packet, to execute arbitrary code. (CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148)
- An information disclosure vulnerability exists in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information. (CVE-2017-0147)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012213
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18603
97743 - MS17-012: Security Update for Microsoft Windows (4013078)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- A security feature bypass vulnerability exists in Device Guard due to improper validation of certain elements in a signed PowerShell script. An unauthenticated, remote attacker can exploit this vulnerability to modify the contents of a PowerShell script without invalidating the signature associated with the file, allowing the execution of a malicious script. (CVE-2017-0007)
- A denial of service vulnerability exists in the Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client implementations due to improper handling of certain requests sent to the client. An unauthenticated, remote attacker can exploit this issue, via a malicious SMB server, to cause the system to stop responding until it is manually restarted. (CVE-2017-0016)
- A remote code execution vulnerability exists due to using an insecure path to load certain dynamic link library (DLL) files. A local attacker can exploit this, via a specially crafted library placed in the path, to execute arbitrary code. (CVE-2017-0039)
- An information disclosure vulnerability exists in Windows dnsclient due to improper handling of certain requests. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to gain access to sensitive information on a targeted workstation. If the target is a server, the attacker can also exploit this issue by tricking the server into sending a DNS query to a malicious DNS server. (CVE-2017-0057)
- An elevation of privilege vulnerability exists in Helppane.exe due to a failure by an unspecified DCOM object, configured to run as the interactive user, to properly authenticate the client. An authenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code in another user's session. (CVE-2017-0100)
- An integer overflow condition exists in the iSNS Server service due to improper validation of input from the client. An unauthenticated, remote attacker can exploit this issue, via a specially crafted application that connects and issues requests to the iSNS server, to execute arbitrary code in the context of the SYSTEM account. (CVE-2017-0104)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012213
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18603
53382 - MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
Synopsis
Arbitrary code can be executed on the remote host through the Microsoft Foundation Class library.
Description
The remote Windows host contains a version of the Microsoft Foundation Class (MFC) library affected by an insecure library loading vulnerability. The path used for loading external libraries is not securely restricted. An attacker can exploit this by tricking a user into opening an MFC application in a directory that contains a malicious DLL, resulting in arbitrary code execution.
See Also
Solution
Microsoft has released a set of patches for Visual Studio .NET 2003, 2005, and 2008, as well as Visual C++ 2005, 2008, and 2010.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2011/04/13, Modification date: 2016/05/06
Ports
tcp/445
The following Visual C++ Redistributable Package has not been patched :
Product : Visual C++ 2010 SP1 Redistributable Package
Installed version : 10.0.40219.1
Fixed version : 10.0.40219.325
70332 - MS13-080: Cumulative Security Update for Internet Explorer (2879017)
Synopsis
The remote host is affected by multiple code execution vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2879017. The installed version of IE is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Exploitable with
CANVAS (true)
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2013/10/09, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\Mshtml.dll has not been patched.
  Remote version : 11.0.9600.16384
  Should be : 11.0.9600.16412
70846 - MS13-088: Cumulative Security Update for Internet Explorer (2888505)
Synopsis
The remote host is affected by multiple code execution vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2888505. The installed version of IE is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2013/11/13, Modification date: 2016/05/19
Ports
tcp/445
- C:\Windows\system32\Mshtml.dll has not been patched.
  Remote version : 11.0.9600.16384
  Should be : 11.0.9600.16438
70847 - MS13-089: Critical Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote host contains a version of Microsoft Windows that is affected by a remote code execution vulnerability. The vulnerability exists in the Graphic Rendering Engine, and in the way Windows handles Metafiles. An attacker could exploit this issue to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, RT, and RT 8.1.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2013/11/13, Modification date: 2016/05/19
Ports
tcp/445
- C:\Windows\system32\gdi32.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.16421
70848 - MS13-090: Cumulative Security Update of ActiveX Kill Bits (2900986)
Synopsis
The remote Windows host is missing an update that disables selected ActiveX controls.
Description
The remote Windows host is missing a security update that sets kill bits to prevent Microsoft's InformationCardSigninHelper Class ActiveX control from instantiating in Internet Explorer. This control has a vulnerability that can be abused to execute arbitrary code remotely, if a user can be tricked into viewing a malicious web page using Internet Explorer. It is currently being exploited through limited, targeted attacks.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, RT, and RT 8.1.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.8 (CVSS2#E:F/RL:U/RC:ND)
STIG Severity
II
References
Exploitable with
CANVAS (true)
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2013/11/13, Modification date: 2016/12/09
Ports
tcp/445
The kill bit has not been set for the following control :
{19916e01-b44e-4e31-94a4-4696df46157b}
Note that Nessus did not check whether there were other kill bits that have not been set because the "Perform thorough tests" setting was not enabled when this scan was run.
71312 - MS13-097: Cumulative Security Update for Internet Explorer (2898785)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2898785. The installed version of IE is affected by multiple elevation of privilege and memory corruption vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Exploitable with
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2013/12/11, Modification date: 2017/02/06
Ports
tcp/445
- C:\Windows\system32\Mshtml.dll has not been patched.
  Remote version : 11.0.9600.16384
  Should be : 11.0.9600.16476
71313 - MS13-098: Vulnerability in Windows Could Allow Remote Code Execution (2893294)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote host contains a version of Microsoft Windows that is affected by a remote code execution vulnerability. The vulnerability exists in the method in which the WinVerifyTrust function deals with Windows Authenticode signature verification for portable executable files. An attacker could modify an existing signed executable to add malicious code without invalidating the signature. An attacker could then convince a user to run this signed executable and gain complete control of the system.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1 and 2012 R2.
Risk Factor
High
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.6 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2013/12/11, Modification date: 2015/04/23
Ports
tcp/445
- C:\Windows\system32\imagehlp.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.16438
71314 - MS13-099: Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote host contains a version of Microsoft Windows that is affected by a remote code execution vulnerability in the Microsoft Scripting Runtime Object Library. An attacker could craft a malicious website designed to exploit this vulnerability via components of Internet Explorer. An attacker could then trick a user into visiting a website or opening an email attachment containing the crafted exploit.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1 and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2013/12/11, Modification date: 2016/05/19
Ports
tcp/445
- C:\Windows\system32\scrrun.dll has not been patched.
  Remote version : 5.8.9600.16384
  Should be : 5.8.9600.16429
71316 - MS13-101: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)
Synopsis
The Windows kernel drivers on the remote host are affected by multiple vulnerabilities.
Description
The remote Windows host has the following vulnerabilities :
- Multiple errors exist in the Windows kernel-mode drivers that could allow privilege escalation and arbitrary code execution. (CVE-2013-3899, CVE-2013-3902, CVE-2013-5058)
- An error exists in the way the Windows kernel-mode driver parses TrueType fonts that could allow denial of service attacks. (CVE-2013-3903)
- An error exists in the Windows audio port-class driver that could allow privilege escalation and arbitrary code execution. (CVE-2013-3907)
An attacker who successfully exploited these vulnerabilities could read arbitrary amounts of kernel memory or gain elevated privileges.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2013/12/11, Modification date: 2016/05/19
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.16457
72428 - MS14-005: Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote host contains a version of Microsoft XML Core Services that is affected by an information disclosure vulnerability that could allow an attacker to read files on the local file system of a user, or read content of web domains where a user is currently authenticated.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1 and 2012 R2.
Risk Factor
High
CVSS Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2014/02/12, Modification date: 2016/07/01
Ports
tcp/445
- C:\Windows\system32\Msxml3.dll has not been patched.
  Remote version : 8.110.9600.16384
  Should be : 8.110.9600.16483
|
72430 - MS14-007: Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability due to the way Windows components handle 2D geometric figures. An attacker could exploit this vulnerability to take complete control over a target system by tricking a user into viewing a specially crafted figure in Internet Explorer.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 2008, 8, 8.1, 2012 and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2014/02/12, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\d3d10warp.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.16505
|
72432 - MS14-009: Vulnerabilities in .NET Framework Could Allow Privilege Escalation (2916607)
Synopsis
The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities:
- An error exists related to handling stale or closed HTTP client connections that can allow denial of service attacks. (CVE-2014-0253)
- An error exists related to decisions regarding the safety of executing certain methods that can allow privilege escalation. (CVE-2014-0257)
- An error exists related to the component 'VSAVB7RT' that can allow Address Space Layout Randomization (ASLR) bypasses. (CVE-2014-0295)
See Also
Solution
Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, and 4.5.1.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Exploitable with
Metasploit (true)
Plugin Information:
Publication date: 2014/02/12, Modification date: 2016/07/01
Ports
tcp/445
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll has not been patched. Remote version : 4.0.30319.33440 Should be : 4.0.30319.34009
|
72433 - MS14-010: Cumulative Security Update for Internet Explorer (2909921)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2909921. The installed version of IE is affected by multiple privilege escalation and memory corruption vulnerabilities that could allow an attacker to execute arbitrary code on the remote host. Additionally, the installed version of IE is affected by an information disclosure vulnerability.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2014/02/12, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\Mshtml.dll has not been patched. Remote version : 11.0.9600.16384 Should be : 11.0.9600.16518
|
72434 - MS14-011: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
Synopsis
Arbitrary code can be executed on the remote host through the installed VBScript Scripting Engine.
Description
The installed version of the VBScript Scripting Engine has a memory corruption vulnerability due to improper handling of objects in memory. If an attacker can trick a user on the system into viewing or opening malicious content, this issue could be leveraged to execute arbitrary code on the affected system, subject to the user's privileges.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 2008 R2, 7, 8, 8.1, 2012, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:ND/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2014/02/12, Modification date: 2016/02/23
Ports
tcp/445
- C:\Windows\system32\Vbscript.dll has not been patched. Remote version : 5.8.9600.16384 Should be : 5.8.9600.16483
|
72930 - MS14-012: Cumulative Security Update for Internet Explorer (2925418)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2925418. The installed version of IE is affected by multiple privilege escalation and memory corruption vulnerabilities that could allow an attacker to execute arbitrary code on the remote host. Additionally, the installed version of IE is affected by an information disclosure vulnerability.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Exploitable with
CANVAS (true), Core Impact (true), Metasploit (true)
Plugin Information:
Publication date: 2014/03/11, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\Mshtml.dll has not been patched. Remote version : 11.0.9600.16384 Should be : 11.0.9600.16521
|
72934 - MS14-015: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275)
Synopsis
The Windows kernel drivers on the remote host are affected by multiple vulnerabilities.
Description
The remote Windows host has the following vulnerabilities:
- A privilege escalation vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. If successfully exploited, a locally authenticated attacker could run a specially crafted application in kernel mode to take control of the system. (CVE-2014-0300)
- An information disclosure vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. An attacker could exploit this issue to disclose information from kernel memory on the local system. (CVE-2014-0323)
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1 and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2014/03/11, Modification date: 2016/05/19
Ports
tcp/445
- C:\Windows\system32\Win32k.sys has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.16650
|
73415 - MS14-018: Cumulative Security Update for Internet Explorer (2950467)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2950467. The installed version of IE is affected by multiple memory corruption vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2014/04/08, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\Mshtml.dll has not been patched. Remote version : 11.0.9600.16384 Should be : 11.0.9600.16659
|
73416 - MS14-019: Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229)
Synopsis
The remote Windows host is potentially affected by a remote code execution vulnerability.
Description
The remote Windows host is potentially affected by a vulnerability in the way that Windows processes .bat and .cmd files that could allow remote code execution if a user is convinced to run a specially crafted .bat or .cmd file. When exploiting this vulnerability, an attacker could gain the same user permissions as the current user.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:ND/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2014/04/08, Modification date: 2015/06/14
Ports
tcp/445
- C:\Windows\system32\kernel32.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.16656
|
73805 - MS14-021: Security Update for Internet Explorer (2965111)
Synopsis
The remote host has a web browser that is affected by a memory corruption vulnerability.
Description
The remote host is missing Internet Explorer (IE) Security Update 2965111. The installed version of IE is affected by a memory corruption vulnerability that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.4 (CVSS2#E:H/RL:TF/RC:ND)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2014/05/01, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\Mshtml.dll has not been patched. Remote version : 11.0.9600.16384 Should be : 11.0.9600.16661
|
73986 - MS14-027: Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
A privilege escalation vulnerability exists on the remote Windows host due to improper handling of file associations. A local attacker could exploit this vulnerability to execute arbitrary code on the remote host under the privileges of the Local System account.
See Also
Solution
Microsoft has released a set of patches for 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.3 (CVSS2#E:ND/RL:OF/RC:C)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2014/05/14, Modification date: 2015/04/23
Ports
tcp/445
- C:\Windows\system32\Shell32.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.16660
|
73988 - MS14-029: Security Update for Internet Explorer (2962482)
Synopsis
The remote host has a web browser that is affected by multiple memory corruption vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2962482. The installed version of IE is affected by multiple memory corruption vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2014/05/14, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\Mshtml.dll has not been patched. Remote version : 11.0.9600.16384 Should be : 11.0.9600.16663
|
74427 - MS14-035: Cumulative Security Update for Internet Explorer (2969262)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2969262. The version of Internet Explorer installed on the remote host is affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker could exploit these vulnerabilities by convincing a user to visit a specially crafted web page.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2014/06/11, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\Mshtml.dll has not been patched. Remote version : 11.0.9600.16384 Should be : 11.0.9600.16668
|
74428 - MS14-036: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (2967487)
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The version of Microsoft's Graphics Component installed on the remote host is affected by code execution vulnerabilities due to the way GDI+ handles image record types in specially crafted files. A remote, unauthenticated attacker could exploit these issues by tricking a user into viewing content that contains malicious files, which could result in arbitrary code execution.
See Also
Solution
Microsoft has released a set of patches for Windows Server 2003, Vista, Server 2008, 7, 2008 R2, 8, 8.1, 2012, 2012 R2, Office 2007, Office 2010, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013, and Lync Basic 2013.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2014/06/11, Modification date: 2016/07/01
Ports
tcp/445
- C:\Windows\system32\Fntcache.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.16662
|
76406 - MS14-037: Cumulative Security Update for Internet Explorer (2975687)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2975687. The version of Internet Explorer installed on the remote host is affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker could exploit these vulnerabilities by convincing a user to visit a specially crafted web page.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2014/07/08, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\Mshtml.dll has not been patched. Remote version : 11.0.9600.16384 Should be : 11.0.9600.16672
|
76408 - MS14-039: Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege (2975685)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
A privilege escalation vulnerability exists on the remote Windows host due to improper handling of low integrity processes with the On-Screen Keyboard (OSK). A local attacker could exploit this vulnerability to execute arbitrary code on the remote host under the privileges of the current user.
See Also
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2014/07/08, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\Win32k.sys has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.16671
|
76409 - MS14-040: Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684)
Synopsis
The remote Windows host contains a driver that allows elevation of privilege.
Description
The remote Windows host contains a version of the Ancillary Function Driver (afd.sys) that is affected by a privilege escalation vulnerability. The flaw is due to the Ancillary Function Driver not properly processing user-supplied input, leading to a double free scenario, allowing a local attacker to elevate privileges by running a specially crafted application.
See Also
Solution
Microsoft has released a set of patches for Windows 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
References
Exploitable with
CANVAS (true), Core Impact (true)
Plugin Information:
Publication date: 2014/07/08, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\drivers\Afd.sys has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.16668
|
77167 - MS14-049: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
A privilege escalation vulnerability exists on the remote Windows host due to improper handling of the repair functionality in the Windows installer service. A local attacker could exploit this vulnerability to execute arbitrary code on the remote host under the privileges of the system administrator.
See Also
Solution
Microsoft has released a set of patches for 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.3 (CVSS2#E:ND/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2014/08/12, Modification date: 2015/07/19
Ports
tcp/445
- C:\Windows\system32\msi.dll has not been patched. Remote version : 5.0.9600.16384 Should be : 5.0.9600.17198
|
77574 - MS14-054: Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (2988948)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability. The vulnerability is due to improperly conducted integrity checks on tasks by Windows Task Scheduler. An authenticated attacker can exploit this vulnerability to execute arbitrary code in the context of the local system user.
See Also
Solution
Microsoft has released a set of patches for Windows 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.3 (CVSS2#E:ND/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2014/09/10, Modification date: 2015/09/13
Ports
tcp/445
- C:\Windows\system32\Schedsvc.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.17276
|
78433 - MS14-058: Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by multiple vulnerabilities:
- A privilege escalation vulnerability allows an attacker to run arbitrary code in kernel mode due to the kernel-mode driver improperly handling objects in memory. (CVE-2014-4113)
- A remote code execution vulnerability allows a remote attacker to run arbitrary code in kernel mode due to the kernel-mode driver improperly handling TrueType fonts. An attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing a specially crafted TrueType font file. (CVE-2014-4148)
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Exploitable with
Core Impact (true), Metasploit (true)
Plugin Information:
Publication date: 2014/10/15, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\Win32k.sys has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.17353
|
78435 - MS14-060: Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability due to improperly handled OLE objects. An attacker can exploit this vulnerability by convincing a user to open a file containing a specially crafted OLE object, resulting in execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:ND)
References
| BID | 70419 |
| CVE | CVE-2014-4114 |
| XREF | OSVDB:113140 |
| XREF | EDB-ID:35019 |
| XREF | EDB-ID:35055 |
| XREF | MSFT:MS14-060 |
Exploitable with
CANVAS (true), Core Impact (true), Metasploit (true)
Plugin Information:
Publication date: 2014/10/15, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\packager.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.17341
|
79125 - MS14-064: Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by multiple vulnerabilities:
- A remote code execution vulnerability due to Internet Explorer improperly handling access to objects in memory. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website in Internet Explorer, resulting in execution of arbitrary code in the context of the current user. (CVE-2014-6332)
- A remote code execution vulnerability due to a flaw in the OLE package manager. A remote attacker can exploit this vulnerability by convincing a user to open an Office file containing specially crafted OLE objects, resulting in execution of arbitrary code in the context of the current user. (CVE-2014-6352)
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:ND)
References
Exploitable with
CANVAS (true), Core Impact (true), Metasploit (true)
Plugin Information:
Publication date: 2014/11/11, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\packager.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.17408
|
79132 - MS14-072: Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
Synopsis
The version of the .NET Framework installed on the remote host is affected by a privilege elevation vulnerability.
Description
The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability related to how it handles TypeFilterLevel checks for some malformed objects. This can be used by a remote attacker to gain privilege elevation via a specially crafted packet sent to a host that is using .NET Remoting.
See Also
Solution
Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and 4.5.2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2014/11/12, Modification date: 2016/07/01
Ports
tcp/445
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.runtime.remoting.dll has not been patched. Remote version : 4.0.30319.33440 Should be : 4.0.30319.34243
|
79138 - MS14-079: Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (3002885)
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a denial of service vulnerability due to the Windows kernel-mode driver not properly validating array indexes when loading TrueType font files. An attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing a specially crafted TrueType font file, resulting in a restart of the user's system.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.2 (CVSS2#E:ND/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2014/11/12, Modification date: 2015/02/13
Ports
tcp/445
- C:\Windows\system32\Win32k.sys has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.17393
|
79311 - MS14-068: Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)
Synopsis
The remote implementation of Kerberos KDC is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability due to the Kerberos Key Distribution Center (KDC) implementation not properly validating signatures. A remote attacker can exploit this vulnerability to elevate an unprivileged domain user account to a domain administrator account.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
| BID | 70958 |
| CVE | CVE-2014-6324 |
| XREF | OSVDB:114751 |
| XREF | CERT:213119 |
| XREF | IAVA:2014-A-0180 |
| XREF | MSFT:MS14-068 |
Exploitable with
CANVAS (true), Core Impact (true)
Plugin Information:
Publication date: 2014/11/18, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\kerberos.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.17423
|
80490 - MS15-001: Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (3023266)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability due to improper validation of the authorization of a caller's impersonation token in the Microsoft Windows Application Compatibility Infrastructure (AppCompat) component. A local attacker, with a specially crafted program, can bypass the authorization check to create cache entries, resulting in an escalation of privileges.
See Also
Solution
Microsoft has released a set of patches for Windows 2008, 7, 2008 R2, 8, 8.1, 2012 and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
References
Exploitable with
Metasploit (true)
Plugin Information:
Publication date: 2015/01/13, Modification date: 2016/05/19
Ports
tcp/445
- C:\Windows\system32\drivers\ahcache.sys has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.17555
|
80492 - MS15-003: Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability due to improper validation of user privilege in the Windows User Profile Service (ProfSvc). A local attacker, with a specially crafted application, can load registry hives associated with other user accounts to execute arbitrary code with elevated permissions.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/01/13, Modification date: 2016/05/19
Ports
tcp/445
- C:\Windows\system32\profsvc.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.17552
|
81262 - MS15-009: Security Update for Internet Explorer (3034682)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3034682. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these by convincing a user to visit a specially crafted web page. Hosts running Internet Explorer 9, Internet Explorer 10, or Internet Explorer 11 will not be fully protected until both security update 3021952 and security update 3034196 are applied to the system. Security update 3034196 may require manual installation depending on your patching method.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2015/06/05, Modification date: 2016/05/19
Ports
tcp/445
- C:\Windows\system32\Mshtml.dll has not been patched. Remote version : 11.0.9600.16384 Should be : 11.0.9600.17631 - C:\Windows\system32\jscript9.dll has not been patched. Remote version : 11.0.9600.16384 Should be : 11.0.9600.17640
|
81263 - MS15-010: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security patch. It is, therefore, affected by the following vulnerabilities:
- A privilege escalation vulnerability exists in the Windows kernel-mode driver that is caused by improperly handling objects in memory. (CVE-2015-0003, CVE-2015-0057)
- A security feature bypass vulnerability exists in the Cryptography Next Generation kernel-mode driver when failing to properly validate and enforce impersonation levels. (CVE-2015-0010)
- A privilege escalation vulnerability exists in the Windows kernel-mode driver due to a double-free condition. (CVE-2015-0058)
- A remote code execution vulnerability exists in the Windows kernel-mode driver that is caused when improperly handling TrueType fonts. (CVE-2015-0059)
- A denial of service vulnerability exists in the Windows kernel-mode driver that is caused when the Windows font mapper attempts to scale a font. (CVE-2015-0060)
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.3 (CVSS2#E:ND/RL:OF/RC:C)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2015/02/10, Modification date: 2015/03/14
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.17630
|
81268 - MS15-015: Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability due to improper validation of the authorization of a caller's impersonation token when the caller's process uses SeAssignPrimaryTokenPrivilege. A local attacker, using a specially crafted program, can bypass the authorization check, resulting in an escalation of privileges.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/02/10, Modification date: 2016/05/19
Ports
tcp/445
- C:\Windows\system32\ntoskrnl.exe has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.17630
|
81733 - MS15-018: Cumulative Security Update for Internet Explorer (3032359)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3032359. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these by convincing a user to visit a specially crafted website.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.4 (CVSS2#E:POC/RL:U/RC:ND)
References
Plugin Information:
Publication date: 2015/03/10, Modification date: 2016/05/19
Ports
tcp/445
- C:\Windows\system32\Mshtml.dll has not been patched. Remote version : 11.0.9600.16384 Should be : 11.0.9600.17690

81735 - MS15-020: Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836)
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by the following vulnerabilities:
- A remote code execution vulnerability exists in Windows Text Services due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the execution of arbitrary code. (CVE-2015-0059)
- A remote code execution vulnerability exists due to improper loading of DLL files. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or remote network share, resulting in the execution of arbitrary code. (CVE-2015-0096)
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.4 (CVSS2#E:POC/RL:ND/RC:ND)
STIG Severity
II
Exploitable with
CANVAS (true)
Metasploit (true)
Plugin Information:
Publication date: 2015/03/10, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\msctf.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17664

81736 - MS15-021: Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution (3032323)
Synopsis
The Adobe Font driver on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by the following vulnerabilities in the Adobe Font driver:
- A flaw exists in the Adobe Font Driver due to improper allocation of memory. This allows a remote attacker, using a specially crafted font in a file or website, to cause a denial of service. (CVE-2015-0074)
- Multiple flaws exist in the Adobe Font Driver that allow a remote attacker, using specially crafted fonts, to obtain sensitive information from kernel memory. (CVE-2015-0087, CVE-2015-0089)
- Multiple flaws exist in the Adobe Font Driver due to improper validation of user-supplied input. A remote attacker can exploit this, using a specially crafted font in a file or website, to execute arbitrary code. (CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, CVE-2015-0092, CVE-2015-0093)
Solution
Microsoft has released a set of patches for 2003, Vista, 2008, 7, 2008 R2, 8, Windows RT, 2012, 8.1, Windows RT 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information:
Publication date: 2015/03/10, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\atmfd.dll has not been patched.
  Remote version : 5.1.2.238
  Should be : 5.1.2.241

81739 - MS15-025: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3038680)
Synopsis
The remote Windows host is affected by multiple privilege escalation vulnerabilities.
Description
The remote Windows host is affected by multiple privilege escalation vulnerabilities:
- An elevation of privilege vulnerability exists due to Windows Registry Virtualization improperly allowing a user to modify the virtual store of another user. A local attacker, with a specially crafted application, can exploit this vulnerability to take control of the account of another user who is logged on to the affected system. (CVE-2015-0073)
- An elevation of privilege vulnerability exists due to a failure to properly validate and enforce impersonation levels. A local attacker, with a specially crafted application, can exploit this vulnerability to bypass user account checks. (CVE-2015-0075)
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2. KB3035131 (MS15-025) has affected binaries in common with Security Advisory 3033929, which was released simultaneously. If you download and install updates manually, you should first install KB3035131 (MS15-025) before installing KB3033929. See the MS15-025 bulletin Update FAQ for more information.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
Plugin Information:
Publication date: 2015/03/10, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\ntoskrnl.exe has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17668

81742 - MS15-028: Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377)
Synopsis
The remote Windows host is affected by a security bypass vulnerability.
Description
The remote Windows host is affected by a security bypass vulnerability due to Windows Task Scheduler not properly validating and enforcing impersonation levels. Attackers can exploit this flaw to elevate privileges in order to execute files they have no permission to run.
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
Plugin Information:
Publication date: 2015/03/10, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\ubpm.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17671

82770 - MS15-032: Cumulative Security Update for Internet Explorer (3038314)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3038314. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website. Note that KB3038314 was updated on April 22, 2015, for Internet Explorer for Windows Server 2003. If this update was installed prior to April 22, it will need to be reinstalled to be fully protected.
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
Plugin Information:
Publication date: 2015/04/14, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\Mshtml.dll has not been patched.
  Remote version : 11.0.9600.16384
  Should be : 11.0.9600.17728

82774 - MS15-038: Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576)
Synopsis
The remote Windows host is affected by multiple privilege escalation vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple privilege escalation vulnerabilities:
- An elevation of privilege vulnerability exists due to NtCreateTransactionManager type confusion that allows an authenticated attacker to bypass impersonation-level security checks by running a specially crafted application. (CVE-2015-1643)
- An elevation of privilege vulnerability exists due to an MS-DOS device name handling flaw that allows an authenticated attacker to bypass impersonation-level security checks by running a specially crafted application. (CVE-2015-1644)
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2015/04/14, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\ntdll.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17736

83355 - MS15-050: Vulnerability in Service Control Manager Could Allow Elevation of Privilege (3055642)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability in Windows Service Control Manager (SCM) due to improper verification of impersonation levels. A local attacker can exploit this, via a specially crafted application, to escalate their privileges and make calls to SCM for which they lack sufficient privilege.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
Plugin Information:
Publication date: 2015/05/12, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\services.exe has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17793

83356 - MS15-048: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)
Synopsis
The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities:
- A denial of service vulnerability exists in the Microsoft .NET Framework due to a recursion flaw that occurs when decrypting XML data. A remote attacker can exploit this, via specially crafted XML data, to degrade the performance of a .NET website. (CVE-2015-1672)
- A privilege escalation vulnerability exists in the Microsoft .NET Framework due to improper handling of objects in memory by .NET's Windows Forms (WinForms) libraries. A remote attacker can exploit this, via a specially crafted partial trust application, to escalate privileges. (CVE-2015-1673)
Solution
Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and 4.5.2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
Plugin Information:
Publication date: 2015/05/12, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll has not been patched.
  Remote version : 4.0.30319.33440
  Should be : 4.0.30319.34248
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll has not been patched.
  Remote version : 4.0.30319.33440
  Should be : 4.0.30319.34250

83358 - MS15-043: Cumulative Security Update for Internet Explorer (3049563)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3049563. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website.
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
Plugin Information:
Publication date: 2015/05/12, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\Mshtml.dll has not been patched.
  Remote version : 11.0.9600.16384
  Should be : 11.0.9600.17801

83370 - MS15-051: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The version of Windows running on the remote host is affected by multiple vulnerabilities:
- Multiple information disclosure vulnerabilities exist due to the Win32k.sys kernel-mode driver improperly handling objects in memory. A local attacker can exploit this to reveal private address information during a function call, resulting in the disclosure of kernel memory contents. (CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, CVE-2015-1680)
- A privilege escalation vulnerability exists due to the Win32k.sys kernel-mode driver improperly handling objects in memory. A local attacker can exploit this flaw, via a specially crafted application, to execute arbitrary code in kernel mode. This vulnerability is reportedly being exploited in the wild. (CVE-2015-1701)
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
Exploitable with
CANVAS (true)
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2015/05/12, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\Win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17796

83440 - MS15-044: Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by multiple vulnerabilities:
- An information disclosure vulnerability exists due to improper handling of OpenType fonts by the Windows DirectWrite library. A remote attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing a specially crafted OpenType font, resulting in the disclosure of sensitive information. (CVE-2015-1670)
- A remote code execution vulnerability exists due to improper handling of TrueType font files by the Windows DirectWrite library. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted document or visit a website containing a specially crafted TrueType font file, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-1671)
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013; and .NET Framework 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
Plugin Information:
Publication date: 2015/05/13, Modification date: 2016/05/19
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17796

84053 - MS15-056: Cumulative Security Update for Internet Explorer (3058515)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3058515. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website. Note that the majority of the vulnerabilities addressed by Cumulative Security Update 3058515 are mitigated by the Enhanced Security Configuration (ESC) mode which is enabled by default on Windows Server 2003, 2008, 2008 R2, 2012, and 2012 R2.
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information:
Publication date: 2015/06/09, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\Mshtml.dll has not been patched.
  Remote version : 11.0.9600.16384
  Should be : 11.0.9600.17842

84056 - MS15-060: Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability due to a use-after-free error in Microsoft Common Controls. A remote attacker can exploit this vulnerability by convincing a user to click a specially crafted link, resulting in the execution of arbitrary code in the context of the current user.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
Plugin Information:
Publication date: 2015/06/09, Modification date: 2016/05/06
Ports
tcp/445
None of the versions of 'comctl32.dll' under C:\Windows\WinSxS have been patched.
  Fixed version : 6.10.9600.17810

84059 - MS15-061: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by multiple vulnerabilities:
- An information disclosure vulnerability exists in the Windows kernel-mode driver due to improper handling of buffer elements. A local attacker can exploit this vulnerability to request the contents of specific memory addresses. (CVE-2015-1719)
- An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to a use-after-free error. A remote attacker can exploit this vulnerability by convincing a user to run a specially crafted application, resulting in the execution of arbitrary code in kernel mode. (CVE-2015-1720)
- An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to a NULL pointer dereference flaw. A remote attacker can exploit this vulnerability by convincing a user to run a specially crafted application, resulting in the execution of arbitrary code in kernel mode. (CVE-2015-1721)
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, with a specially crafted application, to escalate privileges to full administrative rights. (CVE-2015-1722, CVE-2015-1723, CVE-2015-1724, CVE-2015-1726)
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improperly validated user-supplied input. A local attacker can exploit these vulnerabilities, with a specially crafted application, to escalate privileges to full administrative rights. (CVE-2015-1725, CVE-2015-1727)
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to a failure to properly free memory. A local attacker can exploit these vulnerabilities, with a specially crafted application, to execute arbitrary code in the context of another user. (CVE-2015-1725, CVE-2015-1727)
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:ND)
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2015/06/09, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\Win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17837

84734 - MS15-069: Vulnerabilities in Windows Could Allow Remote Code Execution (3072631)
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is affected by multiple remote code execution vulnerabilities:
- A remote code execution vulnerability exists due to improper handling of the loading of dynamic link library (DLL) files. A remote attacker can exploit this vulnerability by placing a specially crafted DLL file in a user's current working directory and then convincing the user to launch a program designed to load the DLL, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-2368)
- A remote code execution vulnerability exists in Microsoft Windows Media Device Manager due to improper handling of the loading of dynamic link library (DLL) files. A remote attacker can exploit this vulnerability by placing a specially crafted DLL file in a user's current working directory and then convincing the user to open a specially crafted .RTF file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-2369)
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
Plugin Information:
Publication date: 2015/07/14, Modification date: 2016/05/06
Ports
tcp/445
The remote host is missing KB3061512.

84744 - MS15-072: Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability due to improper processing of bitmap conversions in the Windows graphics component. An authenticated attacker can exploit this, via a specially crafted application, to gain administrative privileges.
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information:
Publication date: 2015/07/14, Modification date: 2016/01/17
Ports
tcp/445
- C:\Windows\system32\gdi32.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17902

84746 - MS15-077: Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657)
Synopsis
The Adobe Font driver on the remote host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability in the Adobe Type Manager Font Driver (ATMFD) due to a failure to properly handle objects in memory. A local attacker can exploit this by running a specially crafted application, resulting in arbitrary code execution with elevated privileges.
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
Exploitable with
CANVAS (true)
Plugin Information:
Publication date: 2015/07/14, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\atmfd.dll has not been patched.
  Remote version : 5.1.2.238
  Should be : 5.1.2.242

84747 - MS15-073: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by multiple vulnerabilities:
- Multiple privilege escalation vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, with a specially crafted application, to elevate privileges to full administrative rights. (CVE-2015-2363, CVE-2015-2365, CVE-2015-2366)
- An information disclosure vulnerability exists in the Windows kernel-mode driver due to improper handling of non-initialized values in memory. An attacker can exploit this vulnerability, with a specially crafted application, to leak memory addresses or other sensitive kernel information that can be used for further exploitation of the system. (CVE-2015-2367)
- An information disclosure vulnerability exists in the Windows kernel-mode driver due to improper handling of private address information during a function call. An attacker can exploit this vulnerability, with a specially crafted application, to request the contents of specific memory addresses. (CVE-2015-2381, CVE-2015-2382)
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
Plugin Information:
Publication date: 2015/07/14, Modification date: 2015/07/19
Ports
tcp/445
- C:\Windows\system32\Win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17915

84748 - MS15-076: Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability in the Microsoft Remote Procedure Call (RPC) due to incorrectly allowing DCE/RPC connection reflection. A remote, authenticated attacker can exploit this vulnerability, with a specially crafted application, to elevate privileges. Note that in order to exploit this issue, an attacker would first have to log onto the system.
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
CVE: CVE-2015-2370
XREF: OSVDB:124321
XREF: MSFT:MS15-076
XREF: IAVA:2015-A-0165
Plugin Information:
Publication date: 2015/07/14, Modification date: 2016/05/24
Ports
tcp/445
- C:\Windows\system32\Rpcrt4.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17919

84761 - MS15-065: Cumulative Security Update for Internet Explorer (3076321)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3076321. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website. Hosts running Internet Explorer 10 or Internet Explorer 11 will not be fully protected until both security update 3065822 and security update 3075516 are applied to the system. Security update 3075516 may require manual installation depending on your patching method. Note that the majority of the vulnerabilities addressed by Cumulative Security Update 3076321 are mitigated by the Enhanced Security Configuration (ESC) mode which is enabled by default on Windows Server 2003, 2008, 2008 R2, 2012, and 2012 R2.
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
Plugin Information:
Publication date: 2015/07/15, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\Mshtml.dll has not been patched.
  Remote version : 11.0.9600.16384
  Should be : 11.0.9600.17905
- C:\Windows\system32\jscript9.dll has not been patched.
  Remote version : 11.0.9600.16384
  Should be : 11.0.9600.17923

84762 - MS15-068: Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution (3072000)
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is affected by multiple remote code execution vulnerabilities in Hyper-V:
- An error exists in how Hyper-V handles packet size memory initialization in guest virtual machines. An authenticated attacker with access to a guest virtual machine can exploit this by running a specially crafted application to execute arbitrary code in a host context. (CVE-2015-2361)
- An error exists in how Hyper-V initializes system data structures in guest virtual machines. An authenticated attacker with access to a guest virtual machine can exploit this by running a specially crafted application to execute arbitrary code in a host context. (CVE-2015-2362)
Solution
Microsoft has released a set of patches for Windows 2008, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
Plugin Information:
Publication date: 2015/07/15, Modification date: 2015/07/19
Ports
tcp/445
- C:\Windows\system32\drivers\storvsp.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17723

84882 - MS15-078: Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability in the Adobe Type Manager Library due to improper handling of OpenType fonts. A remote attacker can exploit this vulnerability by convincing a user to open a document or visit a website containing specially crafted OpenType fonts, resulting in the execution of arbitrary code in the context of the current user.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
Exploitable with
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2015/07/20, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\atmfd.dll has not been patched.
  Remote version : 5.1.2.238
  Should be : 5.1.2.243

85330 - MS15-085: Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Mount Manager component due to improper processing of symbolic links. A local attacker can exploit this vulnerability by inserting a malicious USB device into a user's system, allowing the writing of a malicious binary to disk and the execution of arbitrary code.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
Plugin Information:
Publication date: 2015/08/11, Modification date: 2015/08/16
Ports
tcp/445
- C:\Windows\system32\ntdll.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17936
|
85348 - MS15-080 : Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662) |
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by multiple vulnerabilities:
- Multiple remote code execution vulnerabilities exist due to the Windows Adobe Type Manager Library not properly handling specially crafted OpenType fonts. An attacker can exploit these, by using a crafted document or web page with embedded OpenType fonts, to execute arbitrary code in the context of the current user. (CVE-2015-2432, CVE-2015-2458, CVE-2015-2459, CVE-2015-2460, CVE-2015-2461, CVE-2015-2462)
- Multiple remote code execution vulnerabilities exist in various components of Windows, .NET Framework, Office, Lync, and Silverlight due to a failure to properly handle TrueType fonts. An attacker can exploit these, by using a crafted document or web page with embedded TrueType fonts, to execute arbitrary code in the context of the current user. (CVE-2015-2435, CVE-2015-2455, CVE-2015-2456, CVE-2015-2463, CVE-2015-2464)
- A remote code execution vulnerability exists due to Microsoft Office not properly handling Office Graphics Library (OGL) fonts. An attacker can exploit this, by using a crafted document or web page with embedded OGL fonts, to execute arbitrary code in the context of the user. (CVE-2015-2431)
- A security feature bypass vulnerability exists due to a failure by the Windows kernel to properly initialize a memory address. An attacker, using a specially crafted application, can exploit this issue to bypass Kernel Address Space Layout Randomization (KASLR) and retrieve the base address of the kernel driver. (CVE-2015-2433)
- An elevation of privilege vulnerability exists due to a flaw in the Windows Client/Server Run-time Subsystem (CSRSS) when terminating a process when a user logs off. An attacker can exploit this vulnerability to run code that monitors the actions of users who log on to the system, allowing the disclosure of sensitive information which could be used to elevate privileges or execute code. (CVE-2015-2453)
- A security feature bypass vulnerability exists due to the Windows kernel-mode driver not properly validating and enforcing impersonation levels. An attacker can exploit this to gain elevated privileges on a targeted system. (CVE-2015-2454)
- A security feature bypass vulnerability exists due to the Windows shell not properly validating and enforcing impersonation levels. An attacker can exploit this to bypass impersonation-level security and gain elevated privileges on a targeted system. (CVE-2015-2465)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Microsoft Lync 2010, 2010 Attendee, 2013 SP1, Microsoft Live Meeting 2007; and .NET Framework 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Exploitable with
Metasploit (true)
Plugin Information:
Publication date: 2015/08/12, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\atmfd.dll has not been patched. Remote version : 5.1.2.238 Should be : 5.1.2.245
|
85844 - MS15-102: Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege (3089657) |
Synopsis
The remote Windows host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is affected by multiple elevation of privilege vulnerabilities in Windows Task Management:
- An elevation of privilege vulnerability exists due to a failure to properly validate and enforce impersonation levels. An authenticated, remote attacker can exploit this, via a specially crafted application, to bypass impersonation-level security checks and gain elevated privileges. (CVE-2015-2524)
- An elevation of privilege vulnerability exists in Windows Task Scheduler due to improper verification of certain file system interactions. An authenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code in the security context of the local system. (CVE-2015-2525)
- An elevation of privilege vulnerability exists due to a failure to properly validate and enforce impersonation levels. An authenticated, remote attacker can exploit this, via a specially crafted application, to bypass impersonation-level security checks and gain elevated privileges. (CVE-2015-2528)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Exploitable with
CANVAS (true)
Plugin Information:
Publication date: 2015/09/08, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\schedsvc.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18001
|
85847 - MS15-101: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662) |
Synopsis
The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the Microsoft .NET Framework:
- An elevation of privilege vulnerability exists due to improper validation of the number of objects in memory before they are copied into an array. A remote, unauthenticated attacker can exploit this to bypass Code Access Security (CAS) restrictions by convincing a user to run an untrusted .NET application or to visit a website containing a malicious XAML browser application. (CVE-2015-2504)
- A denial of service vulnerability exists due to improper handling of specially crafted requests to an ASP .NET server. A remote, unauthenticated attacker can exploit this to degrade performance. (CVE-2015-2526)
See Also
Solution
Microsoft has released a set of patches for .NET Framework 2.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/09/08, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.componentmodel.dataannotations.dll has not been patched. Remote version : 4.0.30319.33440 Should be : 4.0.30319.34262 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.drawing.dll has not been patched. Remote version : 4.0.30319.33440 Should be : 4.0.30319.34262
|
85877 - MS15-097: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656) |
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- An elevation of privilege vulnerability exists in the Windows Adobe Type Manager Library due to improper handling of specially crafted OpenType fonts. An authenticated, remote attacker can exploit this vulnerability, via a specially crafted application, to elevate privileges and execute arbitrary code. (CVE-2015-2506)
- Multiple elevation of privilege vulnerabilities exist in the Windows Adobe Type Manager Library due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to execute arbitrary code. (CVE-2015-2507, CVE-2015-2508, CVE-2015-2512)
- A remote code execution vulnerability exists in components of Windows, Office, and Lync due to improper handling of specially crafted OpenType fonts. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing specially crafted OpenType fonts, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-2510)
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2015-2511, CVE-2015-2517, CVE-2015-2518, CVE-2015-2546)
- An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper validation and enforcement of integrity levels during certain process initialization scenarios. A local attacker can exploit this vulnerability, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2015-2527)
- A security feature bypass vulnerability exists due to a failure by the Windows kernel to properly initialize a memory address. A local attacker can exploit this, via a specially crafted application, to bypass Kernel Address Space Layout Randomization (KASLR) and retrieve the base address of the kernel driver. (CVE-2015-2529)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Lync 2010, Lync 2010 Attendee, Lync 2013 (Skype for Business), Lync Basic 2013, and Live Meeting 2007.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/09/09, Modification date: 2016/05/16
Ports
tcp/445
- C:\Windows\system32\atmfd.dll has not been patched. Remote version : 5.1.2.238 Should be : 5.1.2.246
|
86366 - MS15-109: Security Update for Windows Shell to Address Remote Code Execution (3096443) |
Synopsis
The remote host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is affected by the following vulnerabilities:
- A remote code execution vulnerability exists in the Windows shell due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted toolbar object, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-2515)
- A privilege escalation vulnerability exists in the Microsoft Tablet Input Band due to improper handling of objects in memory. A remote attacker can exploit this vulnerability to gain the same user rights as the current user by convincing a user to visit a specially crafted website. (CVE-2015-2548)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2015/10/13, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\shell32.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18038
|
86373 - MS15-111: Security Update for Windows Kernel to Address Elevation of Privilege (3096447) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by the following vulnerabilities:
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2015-2549, CVE-2015-2550, CVE-2015-2554)
- A security feature bypass vulnerability exists due to a failure to properly enforce the Windows Trusted Boot policy. A local attacker can exploit this, via a specially crafted Boot Configuration Data (BCD) setting, to disable code integrity checks, resulting in the execution of test-signed executables and drivers. Additionally, a local attacker can exploit this vulnerability to bypass Trusted Boot integrity validation for BitLocker and Device Encryption security features. (CVE-2015-2552)
- An elevation of privilege vulnerability exists due to improper validation of junctions in certain scenarios in which mount points are being created. An unauthenticated, remote attacker can exploit this in conjunction with another vulnerability to execute arbitrary code in the context of the current user. (CVE-2015-2553)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/10/13, Modification date: 2016/10/25
Ports
tcp/445
- C:\Windows\system32\winload.exe has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18066
|
86822 - MS15-115: Security Update for Microsoft Windows to Address Remote Code Execution (3105864) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by the following vulnerabilities:
- Multiple elevation of privilege vulnerabilities exist that are related to the handling of objects in memory. A local attacker can exploit these, via a crafted application, to run arbitrary code in kernel mode. (CVE-2015-6100, CVE-2015-6101)
- Multiple information disclosure vulnerabilities exist due to a failure to properly initialize memory addresses. A local attacker can exploit these, via a specially crafted application, to bypass the Kernel Address Space Layout Randomization (KASLR) and retrieve the base address of the Kernel driver from a compromised process. (CVE-2015-6102, CVE-2015-6109)
- Multiple remote code execution vulnerabilities exist in the Adobe Type Manager Library due to improper handling of specially crafted fonts. An unauthenticated, remote attacker can exploit these, via a crafted document or web page, to execute arbitrary code. (CVE-2015-6103, CVE-2015-6104)
- A security feature bypass vulnerability exists due to improper validation of permissions. A local attacker can exploit this to interact with the file system in an inappropriate manner to modify files, by using a crafted, low-integrity-level, user-mode application. (CVE-2015-6113)
See Also
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
I
References
Plugin Information:
Publication date: 2015/11/10, Modification date: 2016/05/19
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18093
|
86826 - MS15-119: Security Update for Winsock to Address Elevation of Privilege (3104521) |
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability due to a flaw in Winsock in which a call is made to a memory address without verifying that the address is valid. An authenticated, remote attacker can exploit this, via a specially crafted application, to gain elevated privileges on the host.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/11/10, Modification date: 2016/04/29
Ports
tcp/445
- C:\Windows\system32\drivers\Afd.sys has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18089
|
86828 - MS15-122: Security Update for Kerberos to Address Security Feature Bypass (3105256) |
Synopsis
The remote Windows host is affected by a security feature bypass vulnerability.
Description
The remote Windows host is affected by a security feature bypass vulnerability in Kerberos due to a failure to check the password change of a user signing into a workstation. A remote attacker can exploit this vulnerability by connecting a workstation to a malicious Kerberos Key Distribution Center (KDC), resulting in the ability to decrypt drives protected by BitLocker. Note that this vulnerability can only be exploited if the target system has BitLocker enabled without a PIN or USB key, and the computer is domain-joined.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N)
CVSS Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2015/11/10, Modification date: 2016/04/29
Ports
tcp/445
- C:\Windows\system32\Kerberos.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18091
|
87253 - MS15-124: Cumulative Security Update for Internet Explorer (3116180) |
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3116180. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2015/12/08, Modification date: 2016/04/29
Ports
tcp/445
ASLR hardening settings for Internet Explorer in KB3125869 have not been applied. The following DWORD keys must be created with a value of 1: - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\iexplore.exe - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\iexplore.exe
|
87257 - MS15-128: Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503) |
Synopsis
The remote host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is affected by multiple remote code execution vulnerabilities due to improper handling of embedded fonts by the Windows font library. A remote attacker can exploit these by convincing a user to open a file or visit a website containing a specially crafted embedded font, resulting in execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013, Skype for Business 2016, Live Meeting 2007 Console, Silverlight; and .NET framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5.1, 4.5.2, and 4.6.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/12/08, Modification date: 2017/03/08
Ports
tcp/445
- C:\Windows\system32\dwrite.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18123
|
87261 - MS15-132: Security Update for Microsoft Windows to Address Remote Code Execution (3116162) |
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is affected by multiple remote code execution vulnerabilities due to improper input validation when libraries are linked. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Exploitable with
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2015/12/08, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\authui.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18111
|
87262 - MS15-133: Security Update for Windows PGM to Address Elevation of Privilege (3116130) |
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability in the Pragmatic General Multicast (PGM) protocol, installed with the MSMQ service, due to a race condition that can result in references being made to already freed memory. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges on the affected host.
See Also
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/12/08, Modification date: 2016/04/29
Ports
tcp/445
- C:\Windows\system32\drivers\Rmcast.sys has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18119
|
87264 - MS15-135: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075) |
Synopsis
The remote Windows host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is affected by multiple elevation of privilege vulnerabilities due to improper handling of objects in memory by the Windows kernel. An authenticated, remote attacker can exploit these vulnerabilities by running a specially crafted application, resulting in an elevation of privileges.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
I
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2015/12/08, Modification date: 2016/04/29
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18123
|
87881 - MS16-008: Security Update for Windows Kernel to Address Elevation of Privilege (3124605) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities due to improper validation of reparse points that have been set by sandbox applications. A local attacker can exploit these vulnerabilities, via a crafted application, to gain elevated privileges and take complete control of the affected system.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10. Note that Windows 10 with Citrix XenDesktop installed will not be offered the patch due to an issue with the XenDesktop software that prevents users from logging on when the patch is applied. To apply the patch you must first uninstall XenDesktop or contact Citrix for help with the issue.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/01/12, Modification date: 2016/04/29
Ports
tcp/445
- C:\Windows\system32\ntoskrnl.exe has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18185
|
87890 - MS16-007: Security Update for Microsoft Windows to Address Remote Code Execution (3124901) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- Multiple elevation of privilege vulnerabilities exist due to improper validation of user-supplied input before loading DLL files. A local attacker can exploit these, via a crafted application, to elevate their privileges and take control of the affected system. (CVE-2016-0014, CVE-2016-0020)
- A remote code execution vulnerability exists in DirectShow due to improper validation of user-supplied input. A remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user, resulting in taking control of the affected system. (CVE-2016-0015)
- Multiple remote code execution vulnerabilities exist due to improper validation of user-supplied input before loading DLL files. A local attacker can exploit these, via a specially crafted application, to execute arbitrary code. (CVE-2016-0016, CVE-2016-0018)
- A security bypass vulnerability exists in the Windows Remote Desktop Protocol (RDP) due to a failure to prevent remote logons to accounts that have no passwords set. A remote attacker can exploit this, by using an older version of the RDP client to connect to a Windows 10 host, to generate a list of user accounts. (CVE-2016-0019)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10. Note that Windows 10 with Citrix XenDesktop installed will not be offered the patch due to an issue with the XenDesktop software that prevents users from logging on when the patch is applied. To apply the patch you must first uninstall XenDesktop or contact Citrix for help with the issue.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/01/13, Modification date: 2016/06/10
Ports
tcp/445
- C:\Windows\system32\advapi32.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18155 - C:\Windows\system32\advapi32.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18155
|
87892 - MS16-005: Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (3124584) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- An information disclosure vulnerability exists in the Windows graphics device interface due to improper handling of objects in memory. An attacker can exploit this to bypass the Address Space Layout Randomization (ASLR) feature, resulting in the ability to predict memory offsets in a call stack. (CVE-2016-0008)
- A remote code execution vulnerability exists due to improper handling of objects in memory. An attacker can exploit this vulnerability by convincing a user to visit a specially crafted website, resulting in execution of arbitrary code in the context of the current user. (CVE-2016-0008)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10. Note that Windows 10 with Citrix XenDesktop installed will not be offered the patch due to an issue with the XenDesktop software that prevents users from logging on when the patch is applied. To apply the patch you must first uninstall XenDesktop or contact Citrix for help with the issue.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/01/13, Modification date: 2016/04/29
Ports
tcp/445
- C:\Windows\system32\gdi32.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18155
|
87893 - MS KB3118753: Update for ActiveX Kill Bits |
Synopsis
The remote Windows host is missing an update that disables selected ActiveX controls.
Description
The remote Windows host is missing one or more kill bits for ActiveX controls that are known to contain vulnerabilities. If any of these ActiveX controls are ever installed on the remote host, either now or in the future, they would expose the host to various security issues. Note that the affected controls are from third-party vendors that have asked Microsoft to prevent their controls from being run in Internet Explorer.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.1 (CVSS2#E:U/RL:TF/RC:C)
References
Plugin Information:
Publication date: 2016/01/13, Modification date: 2016/04/29
Ports
tcp/445
The kill bit has not been set for the following control : {D4C0DB38-B682-42A8-AF62-DB9247543354}
|
88646 - MS16-014: Security Update for Microsoft Windows to Address Remote Code Execution (3134228) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a crafted application, to run arbitrary code in kernel mode and therefore take control of the affected system. (CVE-2016-0040)
- Multiple code execution vulnerabilities exist due to improper validation of user-supplied input when loading DLL files. A local attacker can exploit these, via a specially crafted application, to execute arbitrary code. (CVE-2016-0041, CVE-2016-0042)
- A denial of service vulnerability exists in Microsoft Sync Framework due to improper processing of crafted input that uses the 'change batch' structure. An authenticated, remote attacker can exploit this, via specially crafted packets sent to the SyncShareSvc service, to cause the service to stop responding. (CVE-2016-0044)
- A security feature bypass vulnerability exists when Kerberos fails to check the password change of a user signing into a workstation. An attacker can exploit this, by connecting the workstation to a malicious Kerberos Key Distribution Center, to bypass Kerberos authentication on a target machine, thus allowing decryption of drives protected by BitLocker. (CVE-2016-0049)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Exploitable with
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2016/02/09, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\cfgbkend.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18192 - C:\Windows\system32\ntoskrnl.exe has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18192 - C:\Windows\system32\winsync.dll has not been patched. Remote version : 2007.94.9600.16384 Should be : 2007.94.9600.18183 - C:\Windows\system32\kerberos.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18192
|
88649 - MS16-017: Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700) |
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Remote Desktop Protocol (RDP) due to improper handling of objects in memory. An authenticated, remote attacker can exploit this by logging on via RDP and sending specially crafted data over the authenticated connection, resulting in an elevation of privilege.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/02/09, Modification date: 2016/04/29
Ports
tcp/445
- C:\Windows\system32\rdpudd.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18167
|
88650 - MS16-018: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082) |
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability in the Windows kernel-mode driver due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code in kernel mode.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/02/09, Modification date: 2016/04/29
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18190
|
89749 - MS16-026: Security Update for Graphic Fonts to Address Remote Code Execution (3143148) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by multiple vulnerabilities in the Adobe Type Manager Library:
- A denial of service vulnerability exists due to improper handling of OpenType fonts. A remote attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing specially crafted embedded OpenType fonts, resulting in a denial of service condition. (CVE-2016-0120)
- A remote code execution vulnerability exists due to improper handling of specially crafted fonts. A remote attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing specially crafted embedded OpenType fonts, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0121)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/03/08, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\atmfd.dll has not been patched.
  Remote version : 5.1.2.238
  Should be : 5.1.2.247
|
89751 - MS16-028: Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3143081) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple remote code execution vulnerabilities in the Windows PDF library. A remote attacker can exploit these, by convincing a user to open a specially crafted PDF file, to execute arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/03/08, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\windows.data.pdf.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18229
|
89753 - MS16-030: Security Update for Windows OLE to Address Remote Code Execution (3143136) |
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is affected by multiple remote code execution vulnerabilities in Microsoft Windows OLE due to improper validation of user-supplied input. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/03/08, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\ole32.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18227
|
89755 - MS16-032: Security Update for Secondary Logon to Address Elevation of Privilege (3143141) |
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Windows Secondary Logon Service due to improper management of request handles in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to elevate privileges, allowing the execution of arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Exploitable with
CANVAS (true)
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2016/03/08, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\seclogon.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18230
|
89756 - MS16-034: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3143145) |
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple flaws in the Win32k kernel-mode driver due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to elevate privileges, allowing the execution of arbitrary code in kernel mode.
See Also
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/03/08, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18228
|
89779 - MS16-033: Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege (3143142) |
Synopsis
The remote host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a flaw in the Windows USB Mass Storage Class driver due to improper validation of objects in memory. A local attacker can exploit this, via a specially crafted USB device, to elevate privileges, allowing the execution of arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/03/09, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\drivers\usbstor.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18224
|
90433 - MS16-039: Security Update for Microsoft Graphics Component (3148522) |
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to a failure to properly handle objects in memory. An attacker can exploit these vulnerabilities to execute arbitrary code in kernel mode. (CVE-2016-0143, CVE-2016-0165, CVE-2016-0167)
- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded fonts. An attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing specially crafted embedded fonts, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0145)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013, Live Meeting 2007 Console, .NET framework 3.0 SP2, .NET framework 3.5, and .NET framework 3.5.1.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/04/12, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18290
|
90434 - MS16-040: Security Update for Microsoft XML Core Services (3148541) |
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability in the Microsoft XML Core Services (MSXML) parser due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this vulnerability, by convincing a user to visit a specially-crafted website that is designed to invoke MSXML through Internet Explorer, to execute arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/04/12, Modification date: 2017/03/21
Ports
tcp/445
- C:\Windows\system32\Msxml3.dll has not been patched.
  Remote version : 8.110.9600.16384
  Should be : 8.110.9600.18258
|
90437 - MS16-044: Security Update for Windows OLE (3146706) |
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in Windows OLE due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/04/12, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\ole32.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18256
|
90441 - MS16-048: Security Update for CSRSS (3148528) |
Synopsis
The remote host is affected by a security feature bypass vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a security feature bypass vulnerability in the Client-Server Run-time Subsystem (CSRSS) due to improper management of process tokens in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to escalate privileges and execute arbitrary code as an administrator.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/04/12, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\basesrv.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18258
|
91005 - MS16-055: Security Update for Microsoft Graphics Component (3156754) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- Multiple information disclosure vulnerabilities exist in the Windows Graphics component. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the disclosure of memory contents. (CVE-2016-0168, CVE-2016-0169)
- A remote code execution vulnerability exists in the Windows Graphics component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0170)
- A remote code execution vulnerability exists in the Direct3D component due to a use-after-free error. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0170)
- A remote code execution vulnerability exists in the Windows Imaging component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0195)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\Windowscodecs.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18302
|
91007 - MS16-057: Security Update for Windows Shell (3156987) |
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in Windows Shell due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\Windows.ui.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18302
|
91010 - MS16-060: Security Update for Windows Kernel (3154846) |
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a privilege escalation vulnerability due to improper parsing of certain symbolic links. A local attacker can exploit this vulnerability, via a specially crafted application, to access privileged registry keys, resulting in an elevation of privileges.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\ntoskrnl.exe has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18289
|
91011 - MS16-061: Security Update for Microsoft RPC (3155520) |
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability in the Microsoft RPC Network Data Representation (NDR) Engine due to improper handling of memory. An authenticated, remote attacker can exploit this vulnerability, via malformed RPC requests, to execute arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\Rpcrt4.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18292
|
91012 - MS16-062: Security Update for Windows Kernel-Mode Drivers (3158222) |
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- Multiple privilege escalation vulnerabilities exist in the Windows kernel-mode driver due to a failure to properly handle objects in memory. An authenticated, remote attacker can exploit this, via a crafted application, to execute arbitrary code. (CVE-2016-0171, CVE-2016-0173, CVE-2016-0174, CVE-2016-0196)
- A security feature bypass vulnerability exists in the Windows kernel. An authenticated, remote attacker can exploit this, via a crafted application, to bypass the Kernel Address Space Layout Randomization (KASLR) feature and retrieve the memory address of a kernel object. (CVE-2016-0175)
- A privilege escalation vulnerability exists in the DirectX Graphics kernel subsystem due to a failure to properly handle objects in memory. An authenticated, remote attacker can exploit this, via a crafted application, to execute arbitrary code. (CVE-2016-0176)
- A privilege escalation vulnerability exists in the DirectX Graphics kernel subsystem due to a failure to correctly map kernel memory and to handle objects in memory. An authenticated, remote attacker can exploit this, via a crafted application, to execute arbitrary code. (CVE-2016-0197)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18302
|
91596 - MS16-063: Cumulative Security Update for Internet Explorer (3163649) |
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3163649. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11. Note that the security update in MS16-077 must also be installed in order to fully resolve CVE-2016-3213.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/06/14, Modification date: 2017/02/06
Ports
tcp/445
The remote host is missing MS16-077.
|
91600 - MS16-072: Security Update for Group Policy (3163622) |
Synopsis
The remote host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability due to a lack of Kerberos authentication for certain calls over LDAP when processing group policy updates. A man-in-the-middle attacker can exploit this vulnerability to create arbitrary group policies and grant a standard user elevated, administrative privileges.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.1 (CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\gpprefcl.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18339
|
91601 - MS16-073: Security Update for Windows Kernel-Mode Drivers (3164028) |
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- Multiple elevation of privilege vulnerabilities exist in the kernel-mode driver due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2016-3218, CVE-2016-3221)
- An information disclosure vulnerability exists in the Windows Virtual PCI (VPCI) virtual service provider (VSP) due to improper handling of uninitialized memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose sensitive memory contents. (CVE-2016-3232)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/18
Ports
tcp/445
- C:\Windows\system32\drivers\vpcivsp.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18340
- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18340
|
91602 - MS16-074: Security Update for Microsoft Graphics Component (3164036) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- An information disclosure vulnerability exists in the Windows Graphics Component due to a failure to properly handle objects in memory. A local attacker can exploit this to disclose memory contents. (CVE-2016-3216)
- An elevation of privilege vulnerability exists due to a failure to properly handle objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to run processes in an elevated context. (CVE-2016-3219)
- An elevation of privilege vulnerability exists in the Adobe Type Manager Font Driver due to improper handling of objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2016-3220)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\atmfd.dll has not been patched.
  Remote version : 5.1.2.238
  Should be : 5.1.2.248
|
91603 - MS16-075: Security Update for Windows SMB Server (3164038) |
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability in the Microsoft Server Message Block (SMB) server when handling forwarded credential requests that are intended for another service running on the same host. An authenticated attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\drivers\srvnet.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18340
|
91604 - MS16-076: Security Update for Netlogon (3167691) |
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability due to improper handling of objects in memory. A domain-authenticated attacker can exploit this, via a specially crafted Netlogon request to a domain controller, to execute arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows 2008, 2008 R2, 2012, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\wdigest.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18334
|
91607 - MS16-080: Security Update for Microsoft Windows PDF (3164302) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- Multiple information disclosure vulnerabilities exist due to improper parsing of .pdf files. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted .pdf file, resulting in the disclosure of sensitive information in the context of the current user. (CVE-2016-3201, CVE-2016-3215)
- A remote code execution vulnerability exists due to improper parsing of .pdf files. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a specially crafted .pdf file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-3203)
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\glcndfilter.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18336
|
92018 - MS16-087: Security Update for Windows Print Spooler (3170005) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- A remote code execution vulnerability exists in the Windows Print Spooler service due to improper validation of print drivers while installing a printer from network servers. An unauthenticated, remote attacker can exploit this vulnerability, via a man-in-the-middle attack on a workstation or print server or via a rogue print server, to execute arbitrary code in the context of the current user. (CVE-2016-3238)
- An elevation of privilege vulnerability exists in the Windows Print Spooler service due to improperly allowing arbitrary writing to the file system. An attacker can exploit this issue, via a specially crafted script or application, to execute arbitrary code with elevated system privileges. (CVE-2016-3239)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/07/12, Modification date: 2016/08/03
Ports
tcp/445
- C:\Windows\System32\ntprint.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18398
|
92021 - MS16-090: Security Update for Windows Kernel-Mode Drivers (3171481) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- Multiple elevation of privilege vulnerabilities exist in the kernel-mode driver due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2016-3249, CVE-2016-3250, CVE-2016-3252, CVE-2016-3254, CVE-2016-3286)
- An information disclosure vulnerability exists in the Windows GDI component due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose kernel memory addresses. (CVE-2016-3251)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/07/12, Modification date: 2017/03/21
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18377
|
92023 - MS16-092: Security Update for Windows Kernel (3171910) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities:
- A security feature bypass vulnerability exists in the Windows kernel due to improper validation of how a low integrity application can use certain object manager features. An attacker can exploit this issue to take advantage of time-of-check time-of-use (TOCTOU) issues in file path-based checks from a low integrity application, allowing the attacker to modify files outside of a low integrity level application. (CVE-2016-3258)
- An information disclosure vulnerability exists in the Windows kernel due to a failure to properly handle certain page fault system calls. A local attacker can exploit this, via a specially crafted application, to disclose information from one process to another. (CVE-2016-3272)
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/07/12, Modification date: 2016/08/03
Ports
tcp/445
The registry does not contain the update to DisablePageCombining
- C:\Windows\system32\ntoskrnl.exe has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18378
92025 - MS16-094: Security Update for Secure Boot (3177404)
Synopsis
The remote host is affected by a security bypass vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a security bypass vulnerability in the Secure Boot component due to improperly applying an affected policy. An attacker who has either administrative privileges or access to the host can exploit this issue, via installing a crafted policy, to disable code integrity checks, thus allowing test-signed executables and drivers to be loaded on the target host. Moreover, the attacker can exploit this issue to bypass the Secure Boot integrity validation for BitLocker and the device encryption security features.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/07/12, Modification date: 2016/08/03
Ports
tcp/445
The relevant update does not appear to be installed. This was determined by checking the contents of :
C:\Windows\System32\CodeIntegrity\driver.stl
92821 - MS16-098: Security Update for Windows Kernel-Mode Drivers (3178466)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the Windows kernel-mode driver due to a failure to properly handle objects in memory. An authenticated, remote attacker can exploit these issues, via a crafted application, to execute arbitrary code in kernel mode.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/08/09, Modification date: 2017/01/06
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18405
92822 - MS16-100: Security Update for Secure Boot (3179577)
Synopsis
The remote Windows host is affected by a security bypass vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a security bypass vulnerability in Secure Boot due to improper handling of malicious boot managers. An attacker with administrative privileges can exploit this vulnerability to bypass code integrity checks and load test-signed executables and drivers.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10. Alternatively, as a workaround, configure BitLocker to use Trusted Platform Module (TPM)+PIN protection or disable Secure Boot integrity protection of BitLocker per the vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.2 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/08/09, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\tpmtasks.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18408
92823 - MS16-101: Security Update for Windows Authentication Methods (3178465)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- A security downgrade vulnerability exists in Kerberos due to improper handling of password change requests. A man-in-the-middle attacker can exploit this to cause the authentication protocol to fall back to the NT LAN Manager (NTLM) authentication protocol, resulting in a bypass of Kerberos authentication. (CVE-2016-3237)
- An elevation of privilege vulnerability exists in Windows Netlogon due to a failure to properly establish secure communications to a domain controller. A local attacker who has access to a domain-joined machine that points to a domain controller running either Windows Server 2012 or 2012 R2 can exploit this vulnerability to gain elevated privileges via a specially crafted application. (CVE-2016-3300)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/08/09, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\netlogon.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18405
92824 - MS16-102: Security Update for Microsoft Windows PDF Library (3182248)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the Microsoft Windows PDF Library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a specially crafted PDF file or visit a website containing specially crafted PDF content, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/08/09, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\windows.data.pdf.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18403
92843 - MS16-097: Security Update for Microsoft Graphics Component (3177393)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the Graphics component due to improper handling of embedded fonts by the Windows font library. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a malicious website or open a specially crafted document file, to execute arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/08/10, Modification date: 2017/01/05
Ports
tcp/445
None of the versions of 'GdiPlus.dll' under C:\Windows\WinSxS have been patched.
  Fixed version : 6.3.9600.18405
93466 - MS16-106: Security Update for Microsoft Graphics Component (3185848)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in Windows kernel-mode drivers due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2016-3348, CVE-2016-3349)
- An information disclosure vulnerability exists in the Graphics Device Interface (GDI) due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to circumvent the Address Space Layout Randomization (ASLR) feature and disclose sensitive memory information. (CVE-2016-3354)
- An elevation of privilege vulnerability exists in the Graphics Device Interface (GDI) due to improper handling of objects in memory. An authenticated, remote attacker can exploit this to run arbitrary code in kernel mode. (CVE-2016-3355)
- An unspecified flaw exists in the Graphics Device Interface (GDI) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a malicious document, to execute arbitrary code in the context of the current user. (CVE-2016-3356)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/09/13, Modification date: 2017/03/21
Ports
tcp/445
- C:\Windows\system32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18439
93470 - MS16-111: Security Update for Windows Kernel (3186973)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist due to improper handling of session objects. A local attacker can exploit these, via a specially crafted application, to hijack the session of another user. (CVE-2016-3305, CVE-2016-3306)
- A flaw exists in the Windows Kernel API due to improper enforcement of permissions. A local attacker can exploit this, via a specially crafted application, to elevate privileges and thereby disclose potentially sensitive information. (CVE-2016-3371)
- An elevation of privilege vulnerability exists in the Windows Kernel API due to improper enforcement of permissions. A local attacker can exploit this, via a specially crafted application, to impersonate processes, interject cross-process communication, or interrupt system functionality. (CVE-2016-3372)
- A flaw exists in the Windows Kernel API due to improperly allowing access to sensitive registry information. A local attacker can exploit this, via a specially crafted application, to elevate privileges and thereby gain access to user account information. (CVE-2016-3373)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Exploitable with
CANVAS (true)
Plugin Information:
Publication date: 2016/09/13, Modification date: 2017/03/21
Ports
tcp/445
- C:\Windows\system32\ntoskrnl.exe has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18438
93471 - MS16-112: Security Update for Windows Lock Screen (3178469)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability due to improperly allowing web content to load from the Windows lock screen. A local attacker can exploit this, by connecting to a maliciously configured WiFi hotspot or by inserting a mobile broadband adapter, to elevate privileges and execute arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
6.8 (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/09/13, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\pnidui.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18434
93473 - MS16-114: Security Update for Windows SMBv1 Server (3185879)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the Microsoft Server Message Block 1.0 (SMBv1) Server due to improper handling of certain requests. An authenticated, remote attacker can exploit this, via specially crafted packets, to cause a denial of service condition or the execution of arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/09/13, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\drivers\srv.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18432
93651 - MS16-116: Security Update in OLE Automation for VBScript Scripting Engine (3188724)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the Microsoft OLE Automation mechanism and the VBScript Scripting Engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. Note that MS16-104 must also be installed in order to fully resolve the vulnerability.
See Also
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/09/22, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\Oleaut32.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18434
93940 - Wireshark 2.2.x < 2.2.1 Multiple DoS
Synopsis
An application installed on the remote Windows host is affected by multiple denial of service vulnerabilities.
Description
The version of Wireshark installed on the remote Windows host is 2.2.x prior to 2.2.1. It is, therefore, affected by multiple denial of service vulnerabilities :
- A denial of service vulnerability exists in the ncp2222_compile_dfilters() function within file epan/dissectors/packet-ncp2222.inc due to improper handling of NCP frames. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to crash the process. (VulnDB 145253)
- A denial of service vulnerability exists in the dissect_disconnrequestresponse() function within file epan/dissectors/packet-btl2cap.c when handling short Bluetooth service names. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to crash the process. (VulnDB 145254)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Wireshark version 2.2.1 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.9 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.4 (CVSS2#E:F/RL:OF/RC:ND)
References
XREF OSVDB:145253
XREF OSVDB:145254
Plugin Information:
Publication date: 2016/10/10, Modification date: 2016/12/05
Ports
tcp/445
Path : C:\Program Files\Wireshark
Installed version : 2.2.0
Fixed version : 2.2.1
94011 - MS16-118: Cumulative Security Update for Internet Explorer (3192887)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3192887. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11. Note that security update 3193515 in MS16-126 must also be installed in order to fully resolve CVE-2016-3298 on Windows Vista and Windows Server 2008.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/10/12, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3192392
- 3185331
C:\Windows\System32\Gdiplus.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18468
94012 - MS16-123: Security Update for Windows Kernel-Mode Drivers (3192892)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2016-3266, CVE-2016-3376, CVE-2016-7185, CVE-2016-7191)
- An elevation of privilege vulnerability exists in Windows Transaction Manager due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute processes in an elevated context. (CVE-2016-3341)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/10/12, Modification date: 2017/03/13
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3192392
- 3185331
C:\Windows\System32\Gdiplus.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18468
94017 - MS16-120: Security Update for Microsoft Graphics Component (3192884)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple information disclosure vulnerabilities exist in the Windows GDI component due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to predict memory offsets in a call stack and bypass the Address Space Layout Randomization (ASLR) feature, resulting in the disclosure of memory contents. (CVE-2016-3209, CVE-2016-3262, CVE-2016-3263)
- An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this to elevate privileges and execute code in kernel mode. (CVE-2016-3270)
- A remote code execution vulnerability exists in the Windows GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-3393)
- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded fonts. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-3396)
- An elevation of privilege vulnerability exists in the Windows GDI component due to improper handling of objects in memory. A local attacker can exploit this to elevate privileges and execute code in kernel mode. (CVE-2016-7182)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013, Live Meeting 2007 Console, .NET Framework 3.0 SP2, .NET Framework 3.5, .NET Framework 3.5.1, .NET Framework 4.5.2, .NET Framework 4.6, and Silverlight 5.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/10/12, Modification date: 2017/02/28
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3192392
- 3185331
C:\Windows\System32\Gdiplus.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18468
94631 - MS16-130: Security Update for Microsoft Windows (3199172)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update or security rollup. It is, therefore, affected by the following vulnerabilities :
- A remote code execution vulnerability exists in the Windows image file handling functionality due to improper handling of image files. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a specially crafted image file from a web page or email message, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7212)
- An elevation of privilege vulnerability exists in Windows Input Method Editor (IME) due to improper loading of DLL files. A local attacker can exploit this, via a specially crafted application, to elevate privileges. (CVE-2016-7221)
- An elevation of privilege vulnerability exists in Windows Task Scheduler due to improper handling of UNC paths. An authenticated, remote attacker can exploit this vulnerability by scheduling a new task with a specially crafted UNC path, resulting in the execution of arbitrary code with elevated system privileges. (CVE-2016-7222)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3197873
- 3197874
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18524
94633 - MS16-132: Security Update for Microsoft Graphics Component (3199120)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- A remote code execution vulnerability exists in the Windows Animation Manager due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7205)
- An information disclosure vulnerability exists in the ATMFD component due to improper handling of Open Type fonts. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the disclosure of sensitive information. (CVE-2016-7210)
- A remote code execution vulnerability exists in the Windows Media Foundation due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7217)
- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded Open Type fonts. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7256)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3197873
- 3197874
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18524
94635 - MS16-134: Security Update for Common Log File System Driver (3193706)
Synopsis
The remote host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities in the Windows Common Log File System (CLFS) driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/19
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3197873
- 3197874
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18524
94636 - MS16-135: Security Update for Windows Kernel-Mode Drivers (3199135)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the Windows kernel that allows a local attacker, via a specially crafted application, to bypass the Address Space Layout Randomization (ASLR) feature and retrieve the memory address of a kernel object. (CVE-2016-7214)
- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2016-7215, CVE-2016-7246, CVE-2016-7255)
- An information disclosure vulnerability exists in the bowser.sys kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2016-7218)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:X)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:ND)
STIG Severity
II
References
Exploitable with
CANVAS (true)
Core Impact (true)
Plugin Information:
Publication date: 2016/11/08, Modification date: 2017/03/21
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3197873
- 3197874
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18524
94638 - MS16-137: Security Update for Windows Authentication Methods (3199173)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in Windows Virtual Secure Mode due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2016-7220)
- A denial of service vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when handling specially crafted requests. An authenticated, remote attacker can exploit this to cause the host to become non-responsive. (CVE-2016-7237)
- An elevation of privilege vulnerability exists due to improper handling of NTLM password change requests. An authenticated, remote attacker can exploit this, via a specially crafted application, to gain administrative privileges. (CVE-2016-7238)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:C)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/11/08, Modification date: 2017/03/08
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3197873
- 3197874
C:\Windows\System32\win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18524
94639 - MS16-138: Security Update for Microsoft Virtual Hard Disk Driver (3199647)
Synopsis
The remote host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities in the Windows Virtual Hard Disk Driver due to improper handling of user access to certain files. A local attacker can exploit these, via a specially crafted application, to manipulate files not intended to be available to the user.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3197873
- 3197874
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.16384
Should be : 6.3.9600.18524
94641 - MS16-140: Security Update for Boot Manager (3193479)
Synopsis
The remote host is affected by a security bypass vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a security bypass vulnerability in Windows Secure Boot due to the use of an insecure boot policy in firmware. A local attacker can exploit this issue to disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3197873
- 3197874
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.16384
Should be : 6.3.9600.18524
94643 - MS16-142: Cumulative Security Update for Internet Explorer (3198467)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3198467. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/08, Modification date: 2016/12/19
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3197873
- 3197874
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.16384
Should be : 6.3.9600.18524
94960 - Mozilla Firefox < 50.0 Multiple Vulnerabilities
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 50.0. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Upgrade to Mozilla Firefox version 50.0 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/18, Modification date: 2016/12/05
Ports
tcp/445
Path : C:\Program Files\Mozilla Firefox
Installed version : 49.0.2
Fixed version : 50
95475 - Mozilla Firefox < 50.0.2 nsSMILTimeContainer.cpp SVG Animation RCE
Synopsis
The remote Windows host contains a web browser that is affected by a remote code execution vulnerability.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 50.0.2. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially crafted web page, to dereference already freed memory, resulting in the execution of arbitrary code.
See Also
Solution
Upgrade to Mozilla Firefox version 50.0.2 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Exploitable with
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2016/12/02, Modification date: 2017/01/24
Ports
tcp/445
Path : C:\Program Files\Mozilla Firefox
Installed version : 49.0.2
Fixed version : 50.0.2
95764 - MS16-144: Cumulative Security Update for Internet Explorer (3204059)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3204059. It is, therefore, affected by multiple vulnerabilities, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11. Note that security update 3208481 in MS16-144 must also be installed in order to fully resolve CVE-2016-7278 on Windows Vista and Windows Server 2008.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/12/13, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3205400
- 3205401
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.16384
Should be : 6.3.9600.18533
95765 - MS16-146: Security Update for Microsoft Graphics Component (3204066)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the Windows GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted document file, to disclose the contents of memory. (CVE-2016-7257)
- Multiple remote code execution vulnerabilities exist in the Windows Graphics Component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted document file, to execute arbitrary code in the context of the current user. (CVE-2016-7272, CVE-2016-7273)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/12/13, Modification date: 2016/12/19
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3205400
- 3205401
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.16384
Should be : 6.3.9600.18533
95766 - MS16-147: Security Update for Microsoft Uniscribe (3204063)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in Windows Uniscribe due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/12/13, Modification date: 2016/12/19
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3205400
- 3205401
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.16384
Should be : 6.3.9600.18533
95768 - MS16-151: Security Update for Windows Kernel-Mode Drivers (3205651)
Synopsis
The remote host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities :
- An elevation of privilege vulnerability exists in the Windows Graphics Component due to improper handling of objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2016-7259)
- An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2016-7260)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/12/13, Modification date: 2017/01/18
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3205400
- 3205401
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.16384
Should be : 6.3.9600.18533
95813 - MS16-149: Security Update for Microsoft Windows (3205655)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in a Windows Crypto driver running in kernel mode due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2016-7219)
- An elevation of privilege vulnerability exists in the Windows installer due to improper sanitization of input, leading to insecure library loading behavior. A local attacker can exploit this to run arbitrary code with elevated system privileges. (CVE-2016-7292)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/12/14, Modification date: 2017/01/11
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 3205400
- 3205401
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.16384
Should be : 6.3.9600.18533
95886 - Mozilla Firefox < 50.1 Multiple Vulnerabilities
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 50.1. It is, therefore, affected by the following vulnerabilities :
- Multiple memory corruption issues exist when handling style contexts, regular expressions, and clamped gradients that allow an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9080)
- Multiple memory corruption issues exist, such as when handling document state changes or HTML5 content, or else due to dereferencing already freed memory or improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9893)
- A buffer overflow condition exists in SkiaGl, within the GrResourceProvider::createBuffer() function in file gfx/skia/skia/src/gpu/GrResourceProvider.cpp, due to a GrGLBuffer being truncated during allocation. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9894)
- A security bypass vulnerability exists due to event handlers for marquee elements being executed despite a Content Security Policy (CSP) that disallowed inline JavaScript. An unauthenticated, remote attacker can exploit this to impact integrity. (CVE-2016-9895)
- A use-after-free error exists within WebVR when handling the navigator object. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-9896)
- A memory corruption issue exists in libGLES when WebGL functions use a vector constructor with a varying array within libGLES. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9897)
- A use-after-free error exists in Editor, specifically within file editor/libeditor/HTMLEditor.cpp, when handling DOM subtrees. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9898)
- A use-after-free error exists in the nsNodeUtils::CloneAndAdopt() function within file dom/base/nsNodeUtils.cpp, while manipulating DOM events and removing audio elements, due to improper handling of failing node adoption. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9899)
- A security bypass vulnerability exists in the nsDataDocumentContentPolicy::ShouldLoad() function within file dom/base/nsDataDocumentContentPolicy.cpp that allows external resources to be inappropriately loaded by SVG images by utilizing 'data:' URLs. An unauthenticated, remote attacker can exploit this to disclose sensitive cross-domain information. (CVE-2016-9900)
- A flaw exists due to improper sanitization of HTML tags received from the Pocket server. An unauthenticated, remote attacker can exploit this to run JavaScript code in the about:pocket-saved (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. (CVE-2016-9901)
- A flaw exists in the Pocket toolbar button, specifically in browser/extensions/pocket/content/main.js, due to improper verification of the origin of events fired from its own pages. An unauthenticated, remote attacker can exploit this to inject content and commands from other origins into the Pocket context. Note that this issue does not affect users with e10s enabled. (CVE-2016-9902)
- A universal cross-site scripting (XSS) vulnerability exists in the Add-ons SDK, specifically within files addon-sdk/source/lib/sdk/ui/frame/view.html and addon-sdk/source/lib/sdk/ui/frame/view.js, due to improper validation of input before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-9903)
- An information disclosure vulnerability exists that allows an unauthenticated, remote attacker to determine whether an atom is used by another compartment or zone in specific contexts, by utilizing a JavaScript Map/Set timing attack. (CVE-2016-9904)
See Also
Solution
Upgrade to Mozilla Firefox version 50.1 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/12/15, Modification date: 2017/01/27
Ports
tcp/445
Path : C:\Program Files\Mozilla Firefox
Installed version : 49.0.2
Fixed version : 50.1
96776 - Mozilla Firefox < 51.0 Multiple Vulnerabilities
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 51.0. It is, therefore, affected by multiple vulnerabilities :
- Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5373)
- Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5374)
- JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375)
- Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376)
- A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. (CVE-2017-5377)
- Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. (CVE-2017-5378)
- Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. (CVE-2017-5379)
- A potential use-after-free found through fuzzing during DOM manipulation of SVG content. (CVE-2017-5380)
- The 'export' function in the Certificate Viewer can force local filesystem navigation when the 'common name' in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. (CVE-2017-5381)
- Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. (CVE-2017-5382)
- URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. (CVE-2017-5383)
- Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. (CVE-2017-5384)
- Data sent within multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. (CVE-2017-5385)
- WebExtension scripts can use the 'data:' protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. (CVE-2017-5386)
- The existence of a specifically requested local file can be found due to the double firing of the 'onerror' when the 'source' attribute on a <track> tag refers to a file that does not exist if the source page is loaded locally. (CVE-2017-5387)
- A STUN server in conjunction with a large number of 'webkitRTCPeerConnection' objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. (CVE-2017-5388)
- WebExtensions could use the 'mozAddonManager' API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. (CVE-2017-5389)
- The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. (CVE-2017-5390)
- Special 'about:' pages used by web content, such as RSS feeds, can load privileged 'about:' pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. (CVE-2017-5391)
- The 'mozAddonManager' allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. (CVE-2017-5393)
- A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. (CVE-2017-5396)
Note that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
See Also
Solution
Upgrade to Mozilla Firefox version 51.0 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2017/01/25, Modification date: 2017/03/15
Ports
tcp/445
Path : C:\Program Files\Mozilla Firefox
Installed version : 49.0.2
Fixed version : 51.0
97574 - Wireshark 2.0.x < 2.0.11 / 2.2.x < 2.2.5 Multiple DoS
Synopsis
An application installed on the remote Windows host is affected by multiple denial of service vulnerabilities.
Description
The version of Wireshark installed on the remote Windows host is 2.0.x prior to 2.0.11 or 2.2.x prior to 2.2.5. It is, therefore, affected by multiple denial of service vulnerabilities :
- An infinite loop condition exists in the Netscaler file parser in the nstrace_read_v20() and nstrace_read_v30() functions within file wiretap/netscaler.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted capture file, to consume excessive memory resources, resulting in a denial of service condition. (CVE-2017-6467)
- An out-of-bounds read error exists within various functions in file wiretap/netscaler.c when handling record lengths. An unauthenticated, remote attacker can exploit this, via a specially crafted capture file, to crash the Netscaler file parser process. (CVE-2017-6468)
- A memory allocation issue exists in the dissect_ldss_transfer() function within file epan/dissectors/packet-ldss.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via packet injection or a specially crafted capture file, to crash the LDSS dissector process. (CVE-2017-6469)
- An infinite loop condition exists in IAX2 in the iax2_add_ts_fields() function within file epan/dissectors/packet-iax2.c when processing timestamps. An unauthenticated, remote attacker can exploit this, via packet injection or a specially crafted capture file, to consume excessive CPU resources, resulting in a denial of service condition. (CVE-2017-6470)
- An infinite loop condition exists in WSP in the dissect_wsp_common() function within file epan/dissectors/packet-wsp.c when handling capability lengths. An unauthenticated, remote attacker can exploit this, via packet injection or a specially crafted capture file, to cause a denial of service condition. (CVE-2017-6471)
- An infinite loop condition exists in the RTMPT dissector in the dissect_rtmpt_common() function within file epan/dissectors/packet-rtmpt.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via packet injection or a specially crafted capture file, to consume excessive memory resources, resulting in a denial of service condition. (CVE-2017-6472)
- A denial of service vulnerability exists in the process_packet_data() function within file wiretap/k12.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted capture file, to crash the K12 file parser process. (CVE-2017-6473)
- An infinite loop condition exists in the NetScaler file parser in the nstrace_read_v10(), nstrace_read_v20(), and nstrace_read_v30() functions within file wiretap/netscaler.c when handling record sizes. An unauthenticated, remote attacker can exploit this, via a specially crafted capture file, to consume excessive memory resources, resulting in a denial of service condition. (CVE-2017-6474)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Wireshark version 2.0.11 / 2.2.5 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.9 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.4 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
Plugin Information:
Publication date: 2017/03/07, Modification date: 2017/03/15
Ports
tcp/445
Path : C:\Program Files\Wireshark
Installed version : 2.2.0
Fixed version : 2.2.5
97639 - Mozilla Firefox < 52.0 Multiple Vulnerabilities
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 52.0. It is, therefore, affected by multiple vulnerabilities :
- Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd reported memory safety bugs present in Firefox 51 and Firefox ESR 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5398)
- Mozilla developers and community members Carsten Book, Calixte Denizet, Christian Holler, Andrew McCreight, David Bolter, David Keeler, Jon Coppeard, Tyson Smith, Ronald Crane, Tooru Fujisawa, Ben Kelly, Bob Owen, Jed Davis, Julian Seward, Julian Hector, Philipp, Markus Stange, and Andre Bargull reported memory safety bugs present in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5399)
- JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5400)
- A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable. (CVE-2017-5401)
- A use-after-free can occur when events are fired for a FontFace object after the object has already been destroyed while working with fonts. This results in a potentially exploitable crash. (CVE-2017-5402)
- When adding a range to an object in the DOM, it is possible to use addRange to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. (CVE-2017-5403)
- A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. (CVE-2017-5404)
- Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. (CVE-2017-5405)
- A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. (CVE-2017-5406)
- Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. (CVE-2017-5407)
- Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. (CVE-2017-5408)
- The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. (CVE-2017-5409)
- Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due to errors in how incremental sweeping is managed for memory cleanup. (CVE-2017-5410)
- A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in libGLES, which is only in use on Windows. Other operating systems are not affected. (CVE-2017-5411)
- A buffer overflow read during SVG filter color value operations, resulting in data exposure. (CVE-2017-5412)
- A segmentation fault can occur during some bidirectional layout operations. (CVE-2017-5413)
- The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. (CVE-2017-5414)
- An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by blob: as the protocol, leading to user confusion and further spoofing attacks. (CVE-2017-5415)
- In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. (CVE-2017-5416)
- When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. (CVE-2017-5417)
- An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. (CVE-2017-5418)
- If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. (CVE-2017-5419)
- A javascript: url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. (CVE-2017-5420)
- A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. (CVE-2017-5421)
- If a malicious site uses the view-source: protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making view-source: linkable. (CVE-2017-5422)
- A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. (CVE-2017-5427)
Note that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
See Also
Solution
Upgrade to Mozilla Firefox version 52.0 or later.Risk Factor
HighCVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:U/RC:R)CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)CVSS Temporal Score
7.5 (CVSS2#E:U/RL:U/RC:UR)References
Plugin Information:
Publication date: 2017/03/09, Modification date: 2017/03/24Ports
tcp/445
Path : C:\Program Files\Mozilla Firefox Installed version : 49.0.2 Fixed version : 52.0
|
97729 - MS17-006: Cumulative Security Update for Internet Explorer (4013073) |
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 4013073. It is, therefore, affected by multiple vulnerabilities, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11. Note that security update 3218362 in MS17-006 must also be installed in order to fully resolve CVE-2017-0008 on Windows Vista and Windows Server 2008.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/14, Modification date: 2017/03/21
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012204
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.16384
Should be : 6.3.9600.18603
|
97731 - MS17-009: Security Update for Microsoft Windows PDF Library (4010319) |
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the Windows PDF Library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability, by convincing a user to open a specially crafted PDF file or visit a website containing specially crafted PDF content, to execute arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/14, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012213
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.16384
Should be : 6.3.9600.18603
|
97732 - MS17-011: Security Update for Microsoft Uniscribe (4013076) |
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist in Windows Uniscribe due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these to execute arbitrary code by convincing a user to view a specially crafted website or open a specially crafted document file. (CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, CVE-2017-0090)
- Multiple information disclosure vulnerabilities exist in Windows Uniscribe that allow an unauthenticated, remote attacker to gain access to sensitive information by convincing a user to view a specially crafted website or open a specially crafted document file. (CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, CVE-2017-0128)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/14, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012213
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.16384
Should be : 6.3.9600.18603
|
97733 - MS17-017: Security Update for Windows Kernel (4013081) |
Synopsis
The remote Windows host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities :
- An elevation of privilege vulnerability exists in the Windows Kernel API due to improper enforcement of permissions. A local attacker can exploit this, via a specially crafted application, to run processes in an elevated context. (CVE-2017-0050)
- An elevation of privilege vulnerability exists in the Windows Transaction Manager due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run processes in an elevated context. (CVE-2017-0101)
- An elevation of privilege vulnerability exists due to a failure to check the length of a buffer prior to copying memory. A local attacker can exploit this, by copying a file to a shared folder or drive, to gain elevated privileges. (CVE-2017-0102)
- An elevation of privilege vulnerability exists in the Windows Kernel API due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0103)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/14, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012213
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.16384
Should be : 6.3.9600.18603
|
97738 - MS17-018: Security Update for Windows Kernel-Mode Drivers (4013083) |
Synopsis
The remote Windows host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012213
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.16384
Should be : 6.3.9600.18603
|
97794 - MS17-013: Security Update for Microsoft Graphics Component (4013075) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in the Windows Graphics Device Interface (GDI) component due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2017-0001, CVE-2017-0005, CVE-2017-0025, CVE-2017-0047)
- Multiple remote code execution vulnerabilities exist in the Windows Graphics component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted web page or open a specially crafted document, to execute arbitrary code. (CVE-2017-0014, CVE-2017-0108)
- An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page or open a specially crafted document, to disclose the contents of memory. (CVE-2017-0038)
- Multiple information disclosure vulnerabilities exist in the Windows Graphics Device Interface (GDI) component due to improper handling of memory addresses. A local attacker can exploit these vulnerabilities, via a specially crafted application, to disclose sensitive information. (CVE-2017-0060, CVE-2017-0062, CVE-2017-0073)
- Multiple information disclosure vulnerabilities exist in the Color Management Module (ICM32.dll) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to disclose sensitive information and bypass usermode Address Space Layout Randomization (ASLR). (CVE-2017-0061, CVE-2017-0063)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013, Live Meeting 2007 Console, and Silverlight 5.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/17, Modification date: 2017/03/22
Ports
tcp/445
The remote host is missing one of the following rollup KBs :
- 4012213
- 4012216
C:\Windows\System32\win32k.sys has not been patched.
Remote version : 6.3.9600.16384
Should be : 6.3.9600.18603
|
99125 - Mozilla Firefox < 52.0.1 CreateImageBitmap RCE |
Synopsis
The remote Windows host contains a web browser that is affected by a remote code execution vulnerability.
Description
The version of Mozilla Firefox installed on the remote Windows host is prior to 52.0.1. It is, therefore, affected by an integer overflow condition in the nsGlobalWindow::CreateImageBitmap() function within file dom/base/nsGlobalWindow.cpp due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, possibly resulting in the execution of arbitrary code. Note that this function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer.
See Also
Solution
Upgrade to Mozilla Firefox version 52.0.1 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2017/03/31, Modification date: 2017/04/03
Ports
tcp/445
Path : C:\Program Files\Mozilla Firefox
Installed version : 49.0.2
Fixed version : 52.0.1
|
70853 - MS13-095: Vulnerability in Digital Signatures Could Allow Denial of Service (2868626) |
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a denial of service vulnerability due to the way affected web services process specially crafted X.509 certificates. By exploiting this flaw, a remote, unauthenticated attacker could crash the affected service.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008 SP2, 7, 2008 R2, 8, 2012, 8.1 and 2012 R2.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2013/11/13, Modification date: 2015/04/23
Ports
tcp/445
- C:\Windows\system32\crypt32.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.16431
|
74422 - MS14-030: Vulnerability in Remote Desktop Could Allow Tampering (2969259) |
Synopsis
The remote Windows host is affected by a tampering vulnerability.
Description
The remote Windows host is affected by a tampering vulnerability due to an encryption weakness in the Remote Desktop Protocol (RDP). An attacker could exploit this vulnerability to modify the traffic content of an active RDP session.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
5.8 (CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:ND/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2014/06/11, Modification date: 2014/11/18
Ports
tcp/445
- C:\Windows\system32\rdpcorets.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.16663
|
74423 - MS14-031: Vulnerability in TCP Protocol Could Allow Denial of Service (2962478) |
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a denial of service vulnerability due to the Windows TCP/IP stack improperly handling certain traffic. An attacker could exploit this vulnerability by sending a sequence of specially crafted TCP packets to cause a target system to stop responding until it is restarted.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
I
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2014/06/11, Modification date: 2015/04/23
Ports
tcp/445
- C:\Windows\system32\drivers\tcpip.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.16660
|
74425 - MS14-033: Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2966061) |
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote host contains a version of Microsoft XML Core Services that is affected by an information disclosure vulnerability. An attacker could exploit this issue by convincing a user to visit a specially crafted website, allowing the attacker to read files on the local user's file system or the content of web domains where the user is currently authenticated.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1 and 2012 R2.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:ND/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2014/06/11, Modification date: 2016/07/01
Ports
tcp/445
- C:\Windows\system32\Msxml3.dll has not been patched.
  Remote version : 8.110.9600.16384
  Should be : 8.110.9600.16663
|
77165 - MS14-047: Vulnerability in LRPC Could Allow Security Feature Bypass (2978668) |
Synopsis
The remote Windows host is affected by a security bypass vulnerability.
Description
The remote Windows host is affected by a security feature bypass vulnerability in Microsoft Remote Procedure Call (LRPC). The vulnerability is due to RPC improperly freeing malformed messages, allowing an attacker to fill up the address space of a process. Successful exploitation of the issue allows an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2014/08/12, Modification date: 2014/12/05
Ports
tcp/445
- C:\Windows\system32\Rpcrt4.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17216
|
77573 - MS14-053: Vulnerability in .NET Framework Could Allow Denial of Service (2990931) |
Synopsis
The version of the .NET Framework installed on the remote host is affected by a denial of service vulnerability.
Description
The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability that allows a remote attacker to cause a denial of service by sending specially crafted requests to an ASP.NET web application running on the affected system. Note that ASP.NET is not installed by default and ASP.NET must be registered and enabled for the host to be affected.
See Also
Solution
Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and 4.5.2.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2014/09/10, Modification date: 2016/07/01
Ports
tcp/445
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.runtime.serialization.dll has not been patched.
  Remote version : 4.0.30319.33440
  Should be : 4.0.30319.34209
|
78446 - MS KB2977292: Update for Microsoft EAP Implementation that Enables the Use of TLS |
Synopsis
The remote host is missing an update that allows TLS versions 1.1 and 1.2 to be used with EAP.
Description
The remote host is missing Microsoft KB2977292. This update allows the latest Transport Layer Security (TLS) versions (1.1 and 1.2) to be used with the Extensible Authentication Protocol (EAP) for more secure authentication. Enabling this functionality requires a registry edit.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
Plugin Information:
Publication date: 2014/10/15, Modification date: 2016/08/30
Ports
tcp/445
- C:\Windows\system32\rastls.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17334
|
78447 - MS KB3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure (POODLE) |
Synopsis
The remote host is affected by a remote information disclosure vulnerability.
Description
The remote host is missing one of the workarounds referenced in the Microsoft Security Advisory 3009008. If the client registry key workaround has not been applied, any client software installed on the remote host (including IE) is affected by an information disclosure vulnerability when using SSL 3.0. If the server registry key workaround has not been applied, any server software installed on the remote host (including IIS) is affected by an information disclosure vulnerability when using SSL 3.0. SSL 3.0 uses nondeterministic CBC padding, which allows a man-in-the-middle attacker to decrypt portions of encrypted traffic using a 'padding oracle' attack. This is also known as the 'POODLE' issue.
See Also
Solution
Apply the client registry key workaround and the server registry key workaround suggested by Microsoft in the advisory.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.1 (CVSS2#E:U/RL:TF/RC:UR)
References
Plugin Information:
Publication date: 2014/10/15, Modification date: 2016/08/30
Ports
tcp/445
The workaround to disable SSL 3.0 for all server software installed on the remote host has not been applied.
The workaround to disable SSL 3.0 for all client software installed on the remote host has not been applied.
The following users on the remote host have vulnerable IE settings :
S-1-5-21-1461451076-3575956778-502172295-500 (SSLv3 Enabled)
|
79131 - MS14-071: Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607) |
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a vulnerability in the Windows Audio service component that allows privilege escalation. A remote attacker could exploit this vulnerability to elevate privileges but not execute code.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.4 (CVSS2#E:POC/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2014/11/12, Modification date: 2016/05/19
Ports
tcp/445
- C:\Windows\system32\audiokse.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17393
|
79134 - MS14-074: Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743) |
Synopsis
The remote Windows host is affected by a security bypass vulnerability.
Description
The remote Windows host is running Remote Desktop Protocol, which does not properly log failed logon attempts, thus allowing attackers to bypass the audit logon security feature.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2014/11/12, Modification date: 2015/04/08
Ports
tcp/445
- C:\Windows\system32\Adtschema.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17396
|
79834 - MS14-085: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126) |
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The version of the Microsoft Graphics Component installed on the remote host is affected by an information disclosure vulnerability due to the way JPEG content is decoded. A remote attacker can exploit this vulnerability by convincing a user to browse to a website containing specially crafted JPEG content, resulting in the disclosure of information that can aid in further attacks.
See Also
Solution
Microsoft has released a set of patches for Windows Server 2003, Vista, Server 2008, 7, Server 2008 R2, 8, 8.1, Server 2012, and Server 2012 R2.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:ND/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2014/12/09, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\WindowsCodecs.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17483
|
80493 - MS15-004: Vulnerability in Windows Components Could Allow Elevation of Privilege (3025421) |
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the TS WebProxy Windows component due to a failure to properly sanitize file paths. An attacker can exploit this to gain the same rights as the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score
4.5 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
| BID | 71965 |
| CVE | CVE-2015-0016 |
| XREF | OSVDB:116958 |
| XREF | EDB-ID:35983 |
| XREF | MSFT:MS15-004 |
| XREF | IAVA:2015-A-0010 |
Exploitable with
Metasploit (true)
Plugin Information:
Publication date: 2015/01/13, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\TSWbPrxy.exe has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17555
|
80494 - MS15-005: Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass (3022777) |
Synopsis
The remote Windows host is affected by a security bypass vulnerability.
Description
The Network Location Awareness (NLA) service on the remote host is affected by a security bypass vulnerability due to a failure to validate whether it is connected to a trusted domain or an untrusted network. This could cause the system to unintentionally configure applications insecurely (e.g. the firewall policy) when connecting to an untrusted network. An attacker on the same network can exploit this by spoofing responses to DNS or LDAP requests made by the targeted system. Note that Microsoft has no plans to release an update for Windows 2003 even though it is affected by this vulnerability.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
5.8 (CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/01/13, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\Nlasvc.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17550
|
80496 - MS15-007: Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029) |
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a denial of service vulnerability due to a failure to properly parse username queries on an Internet Authentication Service (IAS) or a Network Policy Server (NPS). A remote, unauthenticated attacker, using specially crafted username strings, can exploit this to prevent RADIUS authentication on the IAS or NPS server.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, 2008, 2008 R2, 2012, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2015/01/13, Modification date: 2016/02/14
Ports
tcp/445
- C:\Windows\system32\iassam.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17549
|
81269 - MS15-016: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944) |
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The version of Microsoft's Graphics Component installed on the remote host is affected by an information disclosure vulnerability due to improperly handled uninitialized memory when parsing specially crafted TIFF image format files. A remote attacker can exploit this vulnerability by convincing a user to browse to a website containing specially crafted TIFF image content, resulting in the disclosure of information.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.4 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2015/02/10, Modification date: 2016/05/19
Ports
tcp/445
- C:\Windows\system32\WindowsCodecs.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17631
|
81737 - MS15-023: Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege (3034344) |
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The version of Windows running on the remote host is affected by the following vulnerabilities :
- Information disclosure vulnerabilities exist in the kernel-mode driver that can reveal portions of kernel memory. An attacker can exploit these and gain information about the system, which can then be used to launch further attacks. (CVE-2015-0077, CVE-2015-0094, CVE-2015-0095)
- A privilege escalation vulnerability exists in the kernel-mode driver due to improper validation of thread tokens. An authenticated attacker, using a specially crafted application, can exploit this issue to gain administrative credentials in order to elevate privileges. (CVE-2015-0078)
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2015/03/10, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\Win32k.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17694
|
81738 - MS15-024: Vulnerability in PNG Processing Could Allow Information Disclosure (3035132)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is affected by an information disclosure vulnerability due to improperly handled uninitialized memory when parsing specially crafted PNG image format files. A remote attacker can exploit this vulnerability by convincing a user to visit a website containing specially crafted PNG image content, resulting in the disclosure of information.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/03/10, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\WindowsCodecs.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17669
|
81743 - MS15-029: Vulnerability in Windows Photo Decoder Component Could Allow Information Disclosure (3035126)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The version of Microsoft's Photo Decoder Component installed on the remote Windows host is affected by an information disclosure vulnerability due to improperly handled uninitialized memory when parsing specially crafted JPEG XR (.JXR) image format files. A remote attacker can exploit this vulnerability by convincing a user to visit a website containing specially crafted JPEG image content, resulting in the disclosure of information.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/03/10, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\wmphoto.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17668
|
81744 - MS15-030: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (3039976)
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a vulnerability due to a failure by the Remote Desktop Protocol (RDP) to properly free objects in memory. A remote, unauthenticated attacker, by creating multiple RDP sessions, can exploit this to exhaust the system memory and cause a denial of service.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2015/03/10, Modification date: 2016/02/23
Ports
tcp/445
- C:\Windows\system32\rdpudd.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17667
|
81745 - MS15-031: Vulnerability in Schannel Could Allow Security Feature Bypass (3046049) (FREAK)
Synopsis
The remote Windows host is affected by a security feature bypass vulnerability.
Description
The remote Windows host is affected by a security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2015/03/10, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\schannel.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17702
|
82777 - MS15-041: Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)
Synopsis
The version of the Microsoft .NET Framework installed on the remote host is affected by an information disclosure vulnerability.
Description
The remote Windows host has a version of the Microsoft .NET Framework installed that is affected by an information disclosure vulnerability due to improper handling of requests on web servers that have custom error messages disabled. A remote, unauthenticated attacker can exploit this issue, via a specially crafted web request, to elicit an error message containing information that was not intended to be accessible.
See Also
Solution
Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and 4.5.2.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information:
Publication date: 2015/04/14, Modification date: 2016/01/15
Ports
tcp/445
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll has not been patched.
  Remote version : 4.0.30319.33440
  Should be : 4.0.30319.34248
|
83360 - MS15-055: Vulnerability in Schannel Could Allow Information Disclosure (3061518)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is affected by an information disclosure vulnerability due to Secure Channel (Schannel) allowing the use of a weak Diffie-Hellman ephemeral (DHE) key length of 512 bits in an encrypted TLS session. Usage of weak keys can result in vulnerable key exchanges that are susceptible to various attacks.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2015/05/12, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\schannel.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17810
|
83361 - MS15-052: Vulnerability in Windows Kernel Could Allow Security Feature Bypass (3050514)
Synopsis
The remote Windows host is affected by a security bypass vulnerability.
Description
The remote Windows host is affected by a security feature bypass vulnerability due to a failure to properly validate memory addresses by the Windows kernel. A remote attacker can exploit this flaw, via a specially crafted application, to bypass the Kernel Address Space Layout Randomization (KASLR), resulting in the disclosure of the base address of the Cryptography Next Generation (CNG) kernel-mode driver (cng.sys).
See Also
Solution
Microsoft has released a set of patches for Windows 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:ND/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2015/05/12, Modification date: 2015/07/19
Ports
tcp/445
- C:\Windows\system32\drivers\cng.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17785
|
83363 - MS15-054: Vulnerability in Microsoft Management Console File Format Could Allow Denial of Service (3051768)
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a flaw due to a failure to properly validate a destination buffer when retrieving icon information from a specially crafted Microsoft Management Console (.msc) file. An unauthenticated, remote attacker, by tricking a victim into opening a malicious .msc file, can exploit this flaw to cause a denial of service.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
3.7 (CVSS2#E:ND/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2015/05/12, Modification date: 2016/06/13
Ports
tcp/445
None of the versions of 'comctl32.dll' under C:\Windows\WinSxS have been patched.
  Fixed version : 6.10.9600.17784
|
84741 - MS15-075: Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633)
Synopsis
The remote Windows host is affected by multiple elevation of privilege vulnerabilities.
Description
Multiple elevation of privilege vulnerabilities exist in Microsoft Windows OLE due to a failure to properly validate user input. An attacker can exploit these, in conjunction with other vulnerabilities, to execute arbitrary code on an affected system with the permissions of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/07/14, Modification date: 2015/07/19
Ports
tcp/445
- C:\Windows\system32\ole32.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17905
|
84745 - MS15-074: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (3072630)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The version of Windows Installer Service installed on the remote Windows host is missing Cumulative Security Update 3072630. It is, therefore, affected by an elevation of privilege vulnerability in the Windows Installer service due to improperly running customized action scripts. A local attacker, using specially crafted code that gets executed by a vulnerable .msi package, can exploit this vulnerability to gain elevated privileges.
See Also
Solution
Microsoft has released a set of patches for 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2015/07/14, Modification date: 2016/12/19
Ports
tcp/445
- C:\Windows\system32\msi.dll has not been patched.
  Remote version : 5.0.9600.16384
  Should be : 5.0.9600.17905
|
85322 - MS15-090: Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716)
Synopsis
The remote Windows host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is affected by multiple elevation of privilege vulnerabilities in Windows Object Manager :
- A flaw exists in Windows Object Manager due to a failure to properly validate and enforce impersonation levels. A remote, authenticated attacker can exploit this vulnerability, via a specially crafted application, to bypass impersonation-level security, resulting in a privilege escalation. (CVE-2015-2428)
- A flaw exists in Windows Object Manager due to a failure to properly restrict certain registry interactions from within vulnerable sandboxed applications. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted file that invokes a vulnerable sandboxed application, to interact with the registry and escape the application sandbox, resulting in a privilege escalation. (CVE-2015-2429)
- A flaw exists in Windows Object Manager due to a failure to properly restrict certain filesystem interactions from within vulnerable sandboxed applications. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted file that invokes a vulnerable sandboxed application, to interact with the filesystem and escape the application sandbox, resulting in a privilege escalation. (CVE-2015-2430)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/08/11, Modification date: 2015/08/16
Ports
tcp/445
- C:\Windows\system32\ntdll.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17933
|
85332 - MS15-082: Vulnerability in RDP Could Allow Remote Code Execution (3080348)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by the following vulnerabilities :
- A spoofing vulnerability exists due to the Remote Desktop Session Host (RDSH) not properly validating certificates during authentication. A man-in-the-middle attacker can exploit this to impersonate a client session by spoofing a TLS/SSL server via a certificate that appears valid. (CVE-2015-2472)
- A code execution vulnerability exists due to the Remote Desktop Protocol client not properly handling the loading of certain specially crafted DLL files. An attacker, by placing a malicious DLL in the user's current working directory and convincing the user to open a crafted RDP file, can exploit this issue to execute arbitrary code in the context of the user. (CVE-2015-2473)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 8.1, 2012, 2012 R2, RT, and RT 8.1.
Risk Factor
Medium
CVSS Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/08/11, Modification date: 2016/06/10
Ports
tcp/445
- C:\Windows\system32\mstscax.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17931
|
85334 - MS15-088: Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is affected by an information disclosure vulnerability when files at a medium integrity level become accessible to Internet Explorer running in Enhanced Protection Mode (EPM). An attacker can exploit this vulnerability by leveraging another vulnerability to execute code in IE with EPM, and then executing Excel, Notepad, PowerPoint, Visio, or Word using an unsafe command line parameter.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/08/11, Modification date: 2015/08/16
Ports
tcp/445
- C:\Windows\system32\notepad.exe has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17930
|
85335 - MS15-084: Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129)
Synopsis
The remote host is affected by multiple information disclosure vulnerabilities.
Description
The remote Windows host contains a version of Microsoft XML Core Services (MSXML) that is affected by multiple information disclosure vulnerabilities :
- An information disclosure vulnerability exists in XML Core Services (MSXML) due to the use of Secure Sockets Layer (SSL) 2.0. A man-in-the-middle attacker can exploit this vulnerability by forcing an encrypted SSL 2.0 session and then decrypting the resulting network traffic. (CVE-2015-2434, CVE-2015-2471)
- An information disclosure vulnerability exists in XML Core Services (MSXML) due to exposing sensitive memory addresses. A remote attacker, using a specially crafted website, can exploit this to bypass ASLR and gain access to private data. (CVE-2015-2440)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, RT, RT 8.1, Office 2007 SP3, and InfoPath 2007 SP3.
Risk Factor
Medium
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/08/11, Modification date: 2015/08/16
Ports
tcp/445
- C:\Windows\system32\msxml6.dll has not been patched.
  Remote version : 6.30.9600.16384
  Should be : 6.30.9600.17931
|
85846 - MS15-096: Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a denial of service vulnerability in Active Directory that is triggered during the handling of a saturation of account creations. An authenticated, remote attacker, with privileges to join machines to a domain, can exploit this vulnerability by creating multiple machine accounts, resulting in the Active Directory service becoming non-responsive.
See Also
Solution
Microsoft has released a set of patches for Windows 2008, 2008 R2, 2012, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score
3.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/09/08, Modification date: 2015/09/17
Ports
tcp/445
- C:\Windows\system32\samsrv.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18009
|
86149 - MS KB3097966: Inadvertently Disclosed Digital Certificates Could Allow Spoofing
Synopsis
The remote Windows host has an out-of-date SSL certificate blacklist.
Description
The remote host is missing KB3097966, KB2677070 (automatic updater), or the latest disallowed certificate update using KB2813430 (manual updater). If KB2677070 has been installed, it has not yet obtained the latest auto-updates. Note that this plugin checks that the updaters have actually updated the disallowed CTL list, not that the KBs listed are installed. This approach was taken since the KB2677070 automatic updater isn't triggered unless software that relies on SSL in the Microsoft Cryptography API is being actively used on the remote host.
See Also
Solution
Ensure that the KB3097966 security update has been installed and that the Microsoft automatic updater for revoked certificates is installed and running.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Plugin Information:
Publication date: 2015/09/25, Modification date: 2017/02/17
Ports
tcp/445
Nessus has determined the remote host is missing KB3097966.
  Certificate trust list : C:\Windows\System32\CodeIntegrity\driver.stl
  Effective date : May. 21, 2013 at 17:15:21 GMT
  Fixed effective date : Sep. 28, 2015 at 21:01:06 GMT
|
86825 - MS15-118: Security Update for .NET Framework to Address Elevation of Privilege (3104507)
Synopsis
The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host has a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the .NET Framework due to improper DTD parsing of crafted XML files. An unauthenticated, remote attacker can exploit this, via a malicious application file, to gain read access to the local files on the system. (CVE-2015-6096)
- A cross-site scripting vulnerability exists in ASP.NET due to improper validation of values in HTTP requests. An unauthenticated, remote attacker can exploit this to inject arbitrary script into the user's browser session. (CVE-2015-6099)
- A security feature bypass vulnerability exists in the .NET Framework due to improper implementation of the Address Space Layout Randomization (ASLR) feature. An unauthenticated, remote attacker can exploit this, via crafted website content, to predict memory offsets in a call stack. (CVE-2015-6115)
See Also
Solution
Microsoft has released a set of patches for .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, 4.5.2, and 4.6.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
Plugin Information:
Publication date: 2015/11/10, Modification date: 2017/01/30
Ports
tcp/445
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.web.dll has not been patched.
  Remote version : 4.0.30319.33440
  Should be : 4.0.30319.34274
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.deployment.dll has not been patched.
  Remote version : 4.0.30319.33440
  Should be : 4.0.30319.34274
|
86827 - MS15-121: Security Update for Schannel to Address Spoofing (3081320)
Synopsis
The remote Windows host is affected by a spoofing vulnerability.
Description
The remote Windows host is affected by a spoofing vulnerability due to a weakness in the Secure Channel (SChannel) TLS protocol implementation. A man-in-the-middle attacker can exploit this vulnerability to impersonate a victim on any other server that uses the same credentials as those used between the client and server where the attack is initiated.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score
4.8 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
Plugin Information:
Publication date: 2015/11/10, Modification date: 2016/04/29
Ports
tcp/445
- C:\Windows\system32\schannel.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18088
|
86830 - MS15-120: Security Update for IPSec to Address Denial of Service (3102939)
Synopsis
The remote host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a denial of service vulnerability in the Internet Protocol Security (IPSec) service due to improper handling of encryption negotiation. An authenticated, remote attacker can exploit this, via a malicious application, to cause the host to become unresponsive.
See Also
Solution
Microsoft has released a set of patches for Windows 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
6.3 (CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C)
CVSS Temporal Score
4.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2015/11/10, Modification date: 2016/04/29
Ports
tcp/445
- C:\Windows\system32\ikeext.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18086
|
87875 - MS KB3123479: Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program
Synopsis
The remote Windows host is missing an update that improves cryptography and digital certificate handling.
Description
The remote Windows host is missing Microsoft KB3123479, an update that restricts the use of certificates with SHA1 hashes, this restriction being limited to certificates issued under roots in the Microsoft root certificate program. This update increases the difficulty of carrying out some spoofing, phishing, and man-in-the-middle attacks.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS v3.0 Base Score
4.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS Base Score
4.0 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/01/12, Modification date: 2016/12/01
Ports
tcp/445
It appears KB3123479 has not been installed since the following registry key does not exist and/or does not contain any of the following values :
  HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\default
  WeakSha1ThirdPartyFlags
  WeakSha1ThirdPartyAfterTime
|
88652 - MS16-020: Security Update for Active Directory Federation Services to Address Denial of Service (3134222)
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a denial of service vulnerability in Active Directory Federation Services (ADFS) due to a failure to properly process certain input during forms-based authentication. A remote attacker can exploit this, via crafted input, to cause the server to become unresponsive.
See Also
Solution
Microsoft has released a set of patches for Windows Server 2012 R2.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
| CVE | CVE-2016-0037 |
| XREF | OSVDB:134325 |
| XREF | MSFT:MS16-020 |
| XREF | IAVB:2016-B-0023 |
Plugin Information:
Publication date: 2016/02/09, Modification date: 2016/05/31
Ports
tcp/445
None of the versions of 'Microsoft.IdentityServer.dll' under C:\Windows\WinSxS have been patched.
  Fixed version : 6.3.9600.18192
|
88653 - MS16-021: Security Update for NPS RADIUS Server to Address Denial of Service (3133043)
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a denial of service vulnerability in the Network Policy Server (NPS) due to improper handling of RADIUS authentication requests. An unauthenticated, remote attacker can exploit this, via specially crafted username strings, to cause a denial of service condition for RADIUS authentication on the NPS.
See Also
Solution
Microsoft has released a set of patches for Windows 2008, 2008 R2, 2012, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
Plugin Information:
Publication date: 2016/02/09, Modification date: 2016/04/29
Ports
tcp/445
- C:\Windows\system32\iassam.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18191
|
90440 - MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept communications between a client and a server hosting a SAM database can exploit this to force the authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the SAM database.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
| BID | 86002 |
| CVE | CVE-2016-0128 |
| XREF | OSVDB:136339 |
| XREF | MSFT:MS16-047 |
| XREF | CERT:813296 |
| XREF | IAVA:2016-A-0093 |
Plugin Information:
Publication date: 2016/04/12, Modification date: 2016/07/19
Ports
tcp/445
- C:\Windows\system32\lsasrv.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18267
|
91016 - MS16-067: Security Update for Volume Manager Driver (3155784)
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability due to a failure to correctly tie the session of the mounting user to the USB disk being mounted. This issue occurs when the USB disk is mounted over the Remote Desktop Protocol (RDP) via RemoteFX. An attacker can exploit this to access the file and directory information on the mounted USB disk.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, and 2012 R2.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/05/10, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\drivers\volmgr.sys has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18302
|
91045 - MS KB3155527: Update to Cipher Suites for FalseStart
Synopsis
The remote Windows host is affected by a cipher downgrade vulnerability.
Description
The remote Windows host is affected by a cipher downgrade vulnerability in FalseStart due to allowing TLS clients to send application data before receiving and verifying the server 'Finished' message. A man-in-the-middle attacker can exploit this to force a TLS client to encrypt the first flight of application_data records using an attacker's chosen cipher suite from the client's list.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Plugin Information:
Publication date: 2016/05/11, Modification date: 2016/05/11
Ports
tcp/445
- C:\Windows\system32\schannel.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18298
|
91609 - MS16-082: Security Update for Microsoft Windows Search Component (3165270)
Synopsis
The remote host is affected by a denial of service vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a flaw in the Windows Search component due to improper handling of objects in memory. An authenticated attacker can exploit this to degrade server performance, resulting in a denial of service condition.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score
3.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/06/14, Modification date: 2016/07/13
Ports
tcp/445
- C:\Windows\system32\structuredquery.dll has not been patched.
  Remote version : 7.0.9600.16384
  Should be : 7.0.9600.18334
|
93474 - MS16-115: Security Update for Microsoft Windows PDF Library (3188733)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple information disclosure vulnerabilities in the Windows PDF Library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability, by convincing a user to open a specially crafted PDF file or visit a website containing specially crafted PDF content, to disclose sensitive information from memory.
See Also
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS v3.0 Base Score
4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
3.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.4 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/09/13, Modification date: 2016/12/09
Ports
tcp/445
- C:\Windows\system32\windows.data.pdf.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18454

95435 - Wireshark 2.0.x < 2.0.8 / 2.2.x < 2.2.2 Multiple DoS
Synopsis
An application installed on the remote Windows host is affected by multiple denial of service vulnerabilities.
Description
The version of Wireshark installed on the remote Windows host is 2.0.x prior to 2.0.8 or 2.2.x prior to 2.2.2. It is, therefore, affected by multiple denial of service vulnerabilities:
- A flaw exists in the dissect_PNIO_C_SDU_RTC1() function in packet-pn-rtc-one.c that causes excessive looping. An unauthenticated, remote attacker can exploit this, via specially crafted network traffic or a specially crafted capture file, to exhaust available resources. Note that this vulnerability only affects 2.2.x versions. (CVE-2016-9372)
- A use-after-free error exists in the DCERPC dissector due to improper handling of IA5 SMS decoding. An unauthenticated, remote attacker can exploit this, via specially crafted network traffic or a specially crafted capture file, to cause the application to crash. (CVE-2016-9373)
- A buffer over-read flaw exists in the AllJoyn dissector due to improper handling of signature lengths. An unauthenticated, remote attacker can exploit this, via specially crafted network traffic or a specially crafted capture file, to cause the application to crash. (CVE-2016-9374)
- A flaw exists in the DTN dissector in the display_metadata_block() function due to improper SDNV evaluation. An unauthenticated, remote attacker can exploit this, via specially crafted network traffic or a specially crafted capture file, to cause an infinite loop. (CVE-2016-9375)
- Multiple flaws exist in the OpenFlow dissector in packet-openflow_v5.c due to improper handling of too short data lengths. An unauthenticated, remote attacker can exploit this, via specially crafted network traffic or a specially crafted capture file, to cause the application to crash. (CVE-2016-9376)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Wireshark version 2.0.8 / 2.2.2 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
3.4 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/12/01, Modification date: 2017/01/27
Ports
tcp/445
Path : C:\Program Files\Wireshark Installed version : 2.2.0 Fixed version : 2.2.2

95437 - Mozilla Firefox 49.x < 50.0.1 HTTP Redirect Handling Same-origin Policy Bypass
Synopsis
The remote Windows host contains a web browser that is affected by a same-origin policy bypass vulnerability.
Description
The version of Mozilla Firefox installed on the remote Windows host is 49.x prior to 50.0.1. It is, therefore, affected by a same-origin policy bypass vulnerability in the GetChannelResultPrincipal() function in nsScriptSecurityManager.cpp due to improper handling of HTTP redirects to 'data: URLs'. An unauthenticated, remote attacker can exploit this to bypass the same-origin policy.
See Also
Solution
Upgrade to Mozilla Firefox version 50.0.1 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
3.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/12/01, Modification date: 2016/12/19
Ports
tcp/445
Path : C:\Program Files\Mozilla Firefox Installed version : 49.0.2 Fixed version : 50.0.1

96765 - Wireshark 2.0.x < 2.0.10 / 2.2.x < 2.2.4 Multiple DoS
Synopsis
An application installed on the remote Windows host is affected by multiple denial of service vulnerabilities.
Description
The version of Wireshark installed on the remote Windows host is 2.0.x prior to 2.0.10 or 2.2.x prior to 2.2.4. It is, therefore, affected by multiple denial of service vulnerabilities:
- A denial of service vulnerability exists when handling DHCPv6 packets due to an integer overflow condition in file epan/dissectors/packet-dhcpv6.c. An unauthenticated, remote attacker can exploit this to cause the program to enter a large loop that consumes excessive CPU resources. (VulnDB 150784)
- A denial of service vulnerability exists in the asterix_fspec_len() function within file epan/dissectors/packet-asterix.c due to an infinite loop flaw that is triggered because certain input is improperly validated. An unauthenticated, remote attacker can exploit this to consume excessive CPU resources. (VulnDB 150785)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Wireshark version 2.0.10 / 2.2.4 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.9 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
XREF: OSVDB:150784
XREF: OSVDB:150785
Plugin Information:
Publication date: 2017/01/25, Modification date: 2017/03/10
Ports
tcp/445
Path : C:\Program Files\Wireshark Installed version : 2.2.0 Fixed version : 2.2.4

97736 - MS17-021: Security Update for Windows DirectShow (4010318)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in Windows DirectShow due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted media content, to disclose sensitive information.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016. Note that the Microsoft Bulletin contains contradictory information regarding the Windows 2012 Security Only Update and the Windows 2012 Monthly Rollup Update. These updates may not resolve the vulnerability. Please contact Microsoft for clarification if you are running Windows 2012.
Risk Factor
Medium
CVSS v3.0 Base Score
4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE: CVE-2017-0042
XREF: OSVDB:153672
XREF: MSFT:MS17-021
XREF: IAVB:2017-B-0031
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 4012213 - 4012216 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18603

97741 - MS17-016: Security Update for Windows IIS (4013074)
Synopsis
The remote Windows host is affected by a cross-site scripting vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Medium
CVSS v3.0 Base Score
4.7 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 4012213 - 4012216 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18603

97742 - MS17-022: Security Update for Microsoft XML Core Services (4010321)
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote Windows host is affected by an information disclosure vulnerability in Microsoft XML Core Services (MSXML) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability, by convincing a user to visit a specially crafted website, to test for the presence of files on disk.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Medium
CVSS v3.0 Base Score
4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2017/03/15, Modification date: 2017/03/20
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 4012213 - 4012216 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18603

11457 - Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
Synopsis
User credentials are stored in memory.
Description
The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\CachedLogonsCount' is non-NULL. Using a non-NULL value for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they log in, in order to continue to allow the users to log in in the case of the failure of the primary domain controller (PDC).
See Also
Solution
Use regedt32 and set the value of this registry key to 0.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2003/03/24, Modification date: 2016/06/24
Ports
tcp/445
Max cached logons : 10

80495 - MS15-006: Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (3004365)
Synopsis
The remote Windows host is affected by a security feature bypass vulnerability.
Description
The remote Windows host is affected by a vulnerability in the Windows Error Reporting service component that allows bypassing the 'Protected Process Light' security feature. A remote attacker can exploit this vulnerability to gain access to the memory of a running process.
See Also
Solution
Microsoft has released a set of patches for Windows 8, 2012, 8.1, and 2012 R2.
Risk Factor
Low
CVSS Base Score
1.9 (CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
1.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2015/01/13, Modification date: 2016/05/06
Ports
tcp/445
- C:\Windows\system32\wer.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.17550

81267 - MS15-014: Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)
Synopsis
The remote Windows host is affected by a security downgrade vulnerability.
Description
The version of Windows running on the remote host is affected by a security downgrade vulnerability that affects workstations and servers configured to use Group Policy. A man-in-the-middle attacker, via modified domain controller responses sent to targeted systems, can cause the policy file to become corrupted and unreadable, resulting in the Group Policy settings reverting to their default, potentially less secure, state.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
2.3 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
I
References
BID: 72476
CVE: CVE-2015-0009
XREF: OSVDB:118186
XREF: CERT:787252
XREF: MSFT:MS15-014
XREF: IAVB:2015-B-0017
Plugin Information:
Publication date: 2015/02/10, Modification date: 2015/05/07
Ports
tcp/445
- C:\Windows\system32\scesrv.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.17552

94013 - MS16-124: Security Update for Windows Registry (3193227)
Synopsis
The remote host is affected by multiple information disclosure vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple information disclosure vulnerabilities in the kernel API that allow a local attacker, via a specially crafted application, to disclose sensitive registry information.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Low
CVSS v3.0 Base Score
3.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVSS Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
1.7 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/10/12, Modification date: 2016/12/09
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3185331 - 3192392 C:\Windows\System32\Gdiplus.dll has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18468

95770 - MS16-153: Security Update for Common Log File System Driver (3207328)
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in the Windows Common Log File System (CLFS) due to improper handling of objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to bypass security measures and disclose sensitive information.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Low
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
1.6 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
Plugin Information:
Publication date: 2016/12/13, Modification date: 2016/12/19
Ports
tcp/445
The remote host is missing one of the following rollup KBs : - 3205400 - 3205401 C:\Windows\System32\win32k.sys has not been patched. Remote version : 6.3.9600.16384 Should be : 6.3.9600.18533

10394 - Microsoft Windows SMB Log In Possible
Synopsis
It was possible to log into the remote host.
Description
The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts:
- NULL session
- Guest account
- Supplied credentials
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/05/09, Modification date: 2017/01/19
Ports
tcp/445
- The SMB tests will be done as Administrator/******

10395 - Microsoft Windows SMB Shares Enumeration
Synopsis
It is possible to enumerate remote network shares.
Description
By connecting to the remote host, Nessus was able to enumerate the network share names.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/05/09, Modification date: 2015/01/12
Ports
tcp/445
Here are the SMB shares available on the remote host when logged in as Administrator: - ADMIN$ - C$ - IPC$

10396 - Microsoft Windows SMB Shares Access
Synopsis
It is possible to access a network share.
Description
The remote host has one or more Windows shares that can be accessed through the network with the given credentials. Depending on the share rights, it may allow an attacker to read / write confidential data.
Solution
To restrict access under Windows, open Explorer, right-click each share, go to the 'sharing' tab, and click on 'permissions'.
Risk Factor
None
References
Plugin Information:
Publication date: 2000/05/09, Modification date: 2015/11/18
Ports
tcp/445
The following shares can be accessed : - C$ - (readable,writable) + Content of this share : .rnd Apps bootmgr BOOTNXT Documents and Settings pagefile.sys PerfLogs Program Files Program Files (x86) ProgramData Repo System Volume Information Temp Users Windows - ADMIN$ - (readable,writable) + Content of this share : .. ADFS AppCompat apppatch AppReadiness assembly bfsvc.exe Boot bootstat.dat Branding CbsTemp Cursors debug DesktopTileResources diagnostics DigitalLocker Downloaded Program Files drivers DtcInstall.log ELAMBKUP en-US explorer.exe Fonts Globalization Help HelpPane.exe hh.exe IME ImmersiveControlPanel Inf InputMethod Installer L2Schemas LiveKernelReports Logs media mib.bin Microsoft.NET ModemLogs Offline Web Pages Panther PFRO.log PLA PolicyDefinitions Provisioning regedit.exe Registration RemotePackages rescache Resources RTUtil560 SchCache schemas security ServerDataCenter.xml ServerWeb.xml ServiceProfiles servicing Setup setupact.log setuperr.log SoftwareDistribution Speech splwow64.exe System system.ini System32 SystemResources SysWOW64 TAPI Tasks Temp ToastData tracing vmgcoinstall.log Vss Web win.ini WindowsShell.Manifest WindowsUpdate.log winhlp32.exe WinSxS write.exe

10400 - Microsoft Windows SMB Registry Remotely Accessible
Synopsis
Access the remote Windows Registry.
Description
It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/05/09, Modification date: 2015/01/12
Ports
tcp/445

10456 - Microsoft Windows SMB Service Enumeration
Synopsis
It is possible to enumerate remote services.
Description
This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host. An attacker may use this feature to gain better knowledge of the remote host.
Solution
To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only trusted users can access your host, and/or you should filter incoming traffic to this port.
Risk Factor
None
Plugin Information:
Publication date: 2000/07/03, Modification date: 2015/01/12
Ports
tcp/445
Active Services : Adobe Acrobat Update Service [ AdobeARMservice ] Application Information [ Appinfo ] Application Management [ AppMgmt ] Base Filtering Engine [ BFE ] Background Intelligent Transfer Service [ BITS ] Background Tasks Infrastructure Service [ BrokerInfrastructure ] COM+ System Application [ COMSysApp ] Cryptographic Services [ CryptSvc ] DCOM Server Process Launcher [ DcomLaunch ] DHCP Client [ Dhcp ] DNS Client [ Dnscache ] Diagnostic Policy Service [ DPS ] Windows Event Log [ EventLog ] COM+ Event System [ EventSystem ] Windows Font Cache Service [ FontCache ] Group Policy Client [ gpsvc ] IP Helper [ iphlpsvc ] Server [ LanmanServer ] Workstation [ LanmanWorkstation ] TCP/IP NetBIOS Helper [ lmhosts ] Local Session Manager [ LSM ] Windows Firewall [ MpsSvc ] Distributed Transaction Coordinator [ MSDTC ] Network Connections [ Netman ] Network List Service [ netprofm ] Network Location Awareness [ NlaSvc ] Network Store Interface Service [ nsi ] Plug and Play [ PlugPlay ] Power [ Power ] User Profile Service [ ProfSvc ] RPC Endpoint Mapper [ RpcEptMapper ] Remote Procedure Call (RPC) [ RpcSs ] Security Accounts Manager [ SamSs ] Task Scheduler [ Schedule ] Secondary Logon [ seclogon ] System Event Notification Service [ SENS ] Shell Hardware Detection [ ShellHWDetection ] Print Spooler [ Spooler ] System Events Broker [ SystemEventsBroker ] Tenable Nessus [ Tenable Nessus ] Themes [ Themes ] Distributed Link Tracking Client [ TrkWks ] User Access Logging Service [ UALSVC ] Credential Manager [ VaultSvc ] VMware Alias Manager and Ticket Service [ VGAuthService ] VMware Tools [ VMTools ] Windows Connection Manager [ Wcmsvc ] WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ] Windows Management Instrumentation [ Winmgmt ] Windows Remote Management (WS-Management) [ WinRM ] Inactive Services : Application Experience [ AeLookupSvc ] Application Layer Gateway Service [ ALG ] Application Identity [ AppIDSvc ] App Readiness [ AppReadiness ] 
AppX Deployment Service (AppXSVC) [ AppXSvc ] Windows Audio Endpoint Builder [ AudioEndpointBuilder ] Windows Audio [ Audiosrv ] Computer Browser [ Browser ] Certificate Propagation [ CertPropSvc ] Optimize drives [ defragsvc ] Device Association Service [ DeviceAssociationService ] Device Install Service [ DeviceInstall ] Wired AutoConfig [ dot3svc ] Device Setup Manager [ DsmSvc ] Extensible Authentication Protocol [ Eaphost ] Encrypting File System (EFS) [ EFS ] Function Discovery Provider Host [ fdPHost ] Function Discovery Resource Publication [ FDResPub ] Human Interface Device Service [ hidserv ] Health Key and Certificate Management [ hkmsvc ] Internet Explorer ETW Collector Service [ IEEtwCollectorService ] IKE and AuthIP IPsec Keying Modules [ IKEEXT ] CNG Key Isolation [ KeyIso ] KDC Proxy Server service (KPS) [ KPSSVC ] KtmRm for Distributed Transaction Coordinator [ KtmRm ] Link-Layer Topology Discovery Mapper [ lltdsvc ] Multimedia Class Scheduler [ MMCSS ] Microsoft iSCSI Initiator Service [ MSiSCSI ] Windows Installer [ msiserver ] Network Access Protection Agent [ napagent ] Network Connectivity Assistant [ NcaSvc ] Netlogon [ Netlogon ] Net.Tcp Port Sharing Service [ NetTcpPortSharing ] Performance Counter DLL Host [ PerfHost ] Performance Logs & Alerts [ pla ] IPsec Policy Agent [ PolicyAgent ] Printer Extensions and Notifications [ PrintNotify ] Remote Access Auto Connection Manager [ RasAuto ] Remote Access Connection Manager [ RasMan ] Routing and Remote Access [ RemoteAccess ] Remote Registry [ RemoteRegistry ] Remote Packet Capture Protocol v.0 (experimental) [ rpcapd ] Remote Procedure Call (RPC) Locator [ RpcLocator ] Resultant Set of Policy Provider [ RSoPProv ] Special Administration Console Helper [ sacsvr ] Smart Card [ SCardSvr ] Smart Card Device Enumeration Service [ ScDeviceEnum ] Smart Card Removal Policy [ SCPolicySvc ] Remote Desktop Configuration [ SessionEnv ] Internet Connection Sharing (ICS) [ SharedAccess ] Microsoft 
Storage Spaces SMP [ smphost ] SNMP Trap [ SNMPTRAP ] Software Protection [ sppsvc ] SSDP Discovery [ SSDPSRV ] Secure Socket Tunneling Protocol Service [ SstpSvc ] Spot Verifier [ svsvc ] Microsoft Software Shadow Copy Provider [ swprv ] Superfetch [ SysMain ] Telephony [ TapiSrv ] Remote Desktop Services [ TermService ] Thread Ordering Server [ THREADORDER ] Storage Tiers Management [ TieringEngineService ] Windows Modules Installer [ TrustedInstaller ] Interactive Services Detection [ UI0Detect ] Remote Desktop Services UserMode Port Redirector [ UmRdpService ] UPnP Device Host [ upnphost ] Virtual Disk [ vds ] Hyper-V Guest Service Interface [ vmicguestinterface ] Hyper-V Heartbeat Service [ vmicheartbeat ] Hyper-V Data Exchange Service [ vmickvpexchange ] Hyper-V Remote Desktop Virtualization Service [ vmicrdv ] Hyper-V Guest Shutdown Service [ vmicshutdown ] Hyper-V Time Synchronization Service [ vmictimesync ] Hyper-V Volume Shadow Copy Requestor [ vmicvss ] VMware Snapshot Provider [ vmvss ] Volume Shadow Copy [ VSS ] Windows Time [ W32Time ] Windows Color System [ WcsPlugInService ] Diagnostic Service Host [ WdiServiceHost ] Diagnostic System Host [ WdiSystemHost ] Windows Event Collector [ Wecsvc ] Windows Encryption Provider Host Service [ WEPHOSTSVC ] Problem Reports and Solutions Control Panel Support [ wercplsupport ] Windows Error Reporting Service [ WerSvc ] WMI Performance Adapter [ wmiApSrv ] Portable Device Enumerator Service [ WPDBusEnum ] Windows Store Service (WSService) [ WSService ] Windows Update [ wuauserv ] Windows Driver Foundation - User-mode Driver Framework [ wudfsvc ] Tenable PVS Proxy Service [ Tenable PVS Proxy ]

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/445
The following DCERPC services are available remotely :
|
10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure |
Synopsis
It was possible to obtain information about the remote operating system.
Description
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB1 to be enabled on the host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/10/17, Modification date: 2017/02/21
Ports
tcp/445
The remote Operating System is : Windows Server 2012 R2 Datacenter 9600
The remote native LAN manager is : Windows Server 2012 R2 Datacenter 6.3
The remote SMB Domain Name is : WIN-2TCJ08A60LE
|
10859 - Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration |
Synopsis
It is possible to obtain the host SID for the remote host.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier). The host SID can then be used to get the list of local users.
See Also
Solution
You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value. Refer to the 'See also' section for guidance.
Risk Factor
None
References
Plugin Information:
Publication date: 2002/02/13, Modification date: 2015/11/18
Ports
tcp/445
The remote host SID value is : 1-5-21-1461451076-3575956778-502172295
The value of 'RestrictAnonymous' setting is : 0
|
10860 - SMB Use Host SID to Enumerate Local Users |
Synopsis
Nessus was able to enumerate local users.
Description
Using the host security identifier (SID), Nessus was able to enumerate local users on the remote Windows system.
Solution
n/a
Risk Factor
None
References
Plugin Information:
Publication date: 2002/02/13, Modification date: 2017/02/02
Ports
tcp/445
- Administrator (id 500, Administrator account)
- Guest (id 501, Guest account)
Note that, in addition to the Administrator and Guest accounts, Nessus has enumerated only those local users with IDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID' preferences for this plugin, then re-run the scan.
|
10902 - Microsoft Windows 'Administrators' Group User List |
Synopsis
There is at least one user in the 'Administrators' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information:
Publication date: 2002/03/15, Modification date: 2016/08/24
Ports
tcp/445
The following user is a member of the 'Administrators' group :
- WIN-2TCJ08A60LE\Administrator (User)
|
11011 - Microsoft Windows SMB Service Detection |
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2002/06/05, Modification date: 2015/06/02
Ports
tcp/445
A CIFS server is running on this port.
|
14272 - netstat portscanner (SSH) |
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/445
Port 445/tcp was found to be open
|
17651 - Microsoft Windows SMB : Obtains the Password Policy |
Synopsis
It is possible to retrieve the remote host's password policy using the supplied credentials.
Description
Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/03/30, Modification date: 2015/01/12
Ports
tcp/445
The following password policy is defined on the remote host:
Minimum password len: 0
Password history len: 0
Maximum password age (d): 42
Password must meet complexity requirements: Enabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 0
|
20811 - Microsoft Windows Installed Software Enumeration (credentialed check) |
Synopsis
It is possible to enumerate installed software.
Description
This plugin lists software potentially installed on the remote host by crawling the registry entries in :
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKLM\SOFTWARE\Microsoft\Updates
Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Publication date: 2006/01/26, Modification date: 2013/07/25
Ports
tcp/445
The following software are installed on the remote host :
ClamWin Free Antivirus 0.99.1 [installed on 2017/04/11]
Mozilla Firefox 49.0.2 (x64 sv-SE) [version 49.0.2]
Nmap 7.31 [version 7.31]
USBPcap 1.1.0.0-g794bf26-5 [version 1.1.0.0-g794bf26-5]
WinPcap 4.1.3 [version 4.1.0.2980]
Wireshark 2.2.0 (64-bit) [version 2.2.0]
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 [version 12.0.30501.0]
ABB SCL Component V2.9.80 [version 2.9.80] [installed on 2017/03/21]
MSXML 4.0 SP3 Parser [version 4.30.2100.0] [installed on 2017/03/21]
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [version 10.0.40219] [installed on 2017/04/11]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [version 9.0.30729.4148] [installed on 2016/11/02]
VMware Tools [version 9.10.0.2476743] [installed on 2016/11/02]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2016/11/02]
Tenable Nessus (x64) [version 6.9.0.20070] [installed on 2016/11/02]
Microsoft Visual C++ 2005 Redistributable [version 8.0.61001] [installed on 2017/03/21]
Tenable Passive Vulnerability Scanner [version 5.2.0] [installed on 2017/04/11]
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 [version 12.0.21005] [installed on 2017/01/23]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2016/11/02]
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 [version 12.0.21005] [installed on 2017/01/23]
Adobe Refresh Manager [version 1.8.0] [installed on 2017/04/10]
Adobe Acrobat Reader DC [version 15.020.20039] [installed on 2016/11/02]
RTUtil560 10.5.2.0 [version 10.5.2.0] [installed on 2017/03/21]
The following updates are installed :
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 :
KB2151757 [version 1] [installed on 2017-04-11]
KB2467173 [version 1] [installed on 2017-04-11]
KB982573 [version 1] [installed on 2017-04-11]
|
20836 - Adobe Reader Detection |
Synopsis
There is a PDF file viewer installed on the remote Windows host.
Description
Adobe Reader, a PDF file viewer, is installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2006/02/02, Modification date: 2016/03/10
Ports
tcp/445
Nessus discovered the following installation of Adobe Reader :
Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader
Version : 15.20.20039.203716
|
20862 - Mozilla Foundation Application Detection |
Synopsis
The remote Windows host contains one or more applications from the Mozilla Foundation.
Description
There is at least one instance of Firefox, Thunderbird, SeaMonkey, or the Mozilla browser installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2006/02/05, Modification date: 2017/03/31
Ports
tcp/445
Product : Mozilla Firefox
Path : C:\Program Files\Mozilla Firefox
Version : 49.0.2
|
34112 - Wireshark / Ethereal Detection (Windows) |
Synopsis
A network protocol analyzer is installed on the remote host.
Description
Wireshark (formerly known as Ethereal) is installed on the remote Windows host. Wireshark is a popular open source network protocol analyzer (sniffer) typically used for network troubleshooting and protocol analysis.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/09/09, Modification date: 2015/01/12
Ports
tcp/445
Application : Wireshark
Path : C:\Program Files\Wireshark
Version : 2.2.0
|
35730 - Microsoft Windows USB Device Usage Report |
Synopsis
It was possible to get a list of USB devices that may have been connected to the remote system in the past.
Description
Using the supplied credentials, this plugin enumerates USB devices that have been connected to the remote Windows host in the past.
See Also
Solution
Make sure that the use of USB drives is in accordance with your organization's security policy.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/24, Modification date: 2016/05/11
Ports
tcp/445
The following is a list of USB devices that have been connected to remote system at least once in the past :
Device Name : CBM USB2.0 USB Device
Last Inserted Time : Apr. 11, 2017 at 14:22:22 GMT
First used : unknown
Device Name : Kingston DataTraveler 3.0 USB Device
Last Inserted Time : Apr. 10, 2017 at 10:08:10 GMT
First used : unknown
(Note that for a complete listing of 'First used' times you should run this test with the option 'thorough_tests' enabled.)
|
44401 - Microsoft Windows SMB Service Config Enumeration |
Synopsis
It was possible to enumerate configuration parameters of remote services.
Description
Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc).
Solution
Ensure that each service is configured properly.
Risk Factor
None
Plugin Information:
Publication date: 2010/02/05, Modification date: 2016/10/20
Ports
tcp/445
The following services are set to start automatically : AdobeARMservice startup parameters : Display name : Adobe Acrobat Update Service Service name : AdobeARMservice Log on as : LocalSystem Executable path : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" BFE startup parameters : Display name : Base Filtering Engine Service name : BFE Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork Dependencies : RpcSs/WfpLwfs/ CryptSvc startup parameters : Display name : Cryptographic Services Service name : CryptSvc Log on as : NT Authority\NetworkService Executable path : C:\Windows\system32\svchost.exe -k NetworkService Dependencies : RpcSs/ Dhcp startup parameters : Display name : DHCP Client Service name : Dhcp Log on as : NT Authority\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted Dependencies : NSI/Tdx/Afd/ Dnscache startup parameters : Display name : DNS Client Service name : Dnscache Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\system32\svchost.exe -k NetworkService Dependencies : Tdx/nsi/ EventLog startup parameters : Display name : Windows Event Log Service name : EventLog Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted EventSystem startup parameters : Display name : COM+ Event System Service name : EventSystem Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService Dependencies : rpcss/ FontCache startup parameters : Display name : Windows Font Cache Service Service name : FontCache Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService LanmanServer startup parameters : Display name : Server Service name : LanmanServer Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs Dependencies : SamSS/Srv2/ LanmanWorkstation 
startup parameters : Display name : Workstation Service name : LanmanWorkstation Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\System32\svchost.exe -k NetworkService Dependencies : Bowser/MRxSmb20/NSI/ MpsSvc startup parameters : Display name : Windows Firewall Service name : MpsSvc Log on as : NT Authority\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork Dependencies : mpsdrv/bfe/ NlaSvc startup parameters : Display name : Network Location Awareness Service name : NlaSvc Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\System32\svchost.exe -k NetworkService Dependencies : NSI/RpcSs/TcpIp/Dhcp/Eventlog/ Power startup parameters : Display name : Power Service name : Power Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch ProfSvc startup parameters : Display name : User Profile Service Service name : ProfSvc Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs Dependencies : RpcSs/ RemoteRegistry startup parameters : Display name : Remote Registry Service name : RemoteRegistry Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k localService Dependencies : RPCSS/ SENS startup parameters : Display name : System Event Notification Service Service name : SENS Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs Dependencies : EventSystem/ SamSs startup parameters : Display name : Security Accounts Manager Service name : SamSs Log on as : LocalSystem Executable path : C:\Windows\system32\lsass.exe Dependencies : RPCSS/ ShellHWDetection startup parameters : Display name : Shell Hardware Detection Service name : ShellHWDetection Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : RpcSs/ Spooler startup parameters : Display name : Print Spooler Service name : Spooler Log on as : LocalSystem Executable path : 
C:\Windows\System32\spoolsv.exe Dependencies : RPCSS/http/ Tenable Nessus startup parameters : Display name : Tenable Nessus Service name : Tenable Nessus Log on as : LocalSystem Executable path : "C:\Program Files\Tenable\Nessus\nessus-service.exe" Tenable PVS Proxy startup parameters : Display name : Tenable PVS Proxy Service Service name : Tenable PVS Proxy Log on as : LocalSystem Executable path : "C:\Program Files\Tenable\PVS\pvs-proxy-service.exe" Themes startup parameters : Display name : Themes Service name : Themes Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs TrkWks startup parameters : Display name : Distributed Link Tracking Client Service name : TrkWks Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : RpcSs/ UALSVC startup parameters : Display name : User Access Logging Service Service name : UALSVC Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : WinMgmt/ VGAuthService startup parameters : Display name : VMware Alias Manager and Ticket Service Service name : VGAuthService Log on as : LocalSystem Executable path : "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe" VMTools startup parameters : Display name : VMware Tools Service name : VMTools Log on as : LocalSystem Executable path : "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" Wcmsvc startup parameters : Display name : Windows Connection Manager Service name : Wcmsvc Log on as : NT Authority\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted Dependencies : RpcSs/ WinRM startup parameters : Display name : Windows Remote Management (WS-Management) Service name : WinRM Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\System32\svchost.exe -k NetworkService Dependencies : RPCSS/HTTP/ Winmgmt startup parameters : Display name : Windows 
Management Instrumentation Service name : Winmgmt Log on as : localSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs Dependencies : RPCSS/ iphlpsvc startup parameters : Display name : IP Helper Service name : iphlpsvc Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k NetSvcs Dependencies : RpcSS/Tdx/winmgmt/tcpip/nsi/WinHttpAutoProxySvc/ lmhosts startup parameters : Display name : TCP/IP NetBIOS Helper Service name : lmhosts Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted Dependencies : NetBT/Afd/ nsi startup parameters : Display name : Network Store Interface Service Service name : nsi Log on as : NT Authority\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService Dependencies : rpcss/nsiproxy/ The following services must be started manually : ALG startup parameters : Display name : Application Layer Gateway Service Service name : ALG Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\System32\alg.exe AeLookupSvc startup parameters : Display name : Application Experience Service name : AeLookupSvc Log on as : localSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs AppIDSvc startup parameters : Display name : Application Identity Service name : AppIDSvc Log on as : NT Authority\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted Dependencies : RpcSs/AppID/CryptSvc/ AppMgmt startup parameters : Display name : Application Management Service name : AppMgmt Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs AppReadiness startup parameters : Display name : App Readiness Service name : AppReadiness Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k AppReadiness AppXSvc startup parameters : Display name : AppX Deployment Service (AppXSVC) Service name : AppXSvc Log on as : LocalSystem Executable 
path : C:\Windows\system32\svchost.exe -k wsappx Dependencies : rpcss/ Appinfo startup parameters : Display name : Application Information Service name : Appinfo Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs Dependencies : RpcSs/ProfSvc/ AudioEndpointBuilder startup parameters : Display name : Windows Audio Endpoint Builder Service name : AudioEndpointBuilder Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted Audiosrv startup parameters : Display name : Windows Audio Service name : Audiosrv Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted Dependencies : AudioEndpointBuilder/RpcSs/MMCSS/ BITS startup parameters : Display name : Background Intelligent Transfer Service Service name : BITS Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : RpcSs/EventSystem/ COMSysApp startup parameters : Display name : COM+ System Application Service name : COMSysApp Log on as : LocalSystem Executable path : C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} Dependencies : RpcSs/EventSystem/SENS/ DeviceAssociationService startup parameters : Display name : Device Association Service Service name : DeviceAssociationService Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted DeviceInstall startup parameters : Display name : Device Install Service Service name : DeviceInstall Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch DsmSvc startup parameters : Display name : Device Setup Manager Service name : DsmSvc Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs Dependencies : RpcSs/HTTP/ Eaphost startup parameters : Display name : Extensible Authentication Protocol Service name : Eaphost Log on as : localSystem Executable 
path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : RPCSS/KeyIso/ FDResPub startup parameters : Display name : Function Discovery Resource Publication Service name : FDResPub Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation Dependencies : RpcSs/http/ IEEtwCollectorService startup parameters : Display name : Internet Explorer ETW Collector Service Service name : IEEtwCollectorService Log on as : LocalSystem Executable path : C:\Windows\system32\IEEtwCollector.exe /V IKEEXT startup parameters : Display name : IKE and AuthIP IPsec Keying Modules Service name : IKEEXT Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs Dependencies : BFE/ KPSSVC startup parameters : Display name : KDC Proxy Server service (KPS) Service name : KPSSVC Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\system32\svchost.exe -k KpsSvcGroup Dependencies : rpcss/http/ KeyIso startup parameters : Display name : CNG Key Isolation Service name : KeyIso Log on as : LocalSystem Executable path : C:\Windows\system32\lsass.exe Dependencies : RpcSs/ KtmRm startup parameters : Display name : KtmRm for Distributed Transaction Coordinator Service name : KtmRm Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation Dependencies : RPCSS/SamSS/ MMCSS startup parameters : Display name : Multimedia Class Scheduler Service name : MMCSS Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs MSiSCSI startup parameters : Display name : Microsoft iSCSI Initiator Service Service name : MSiSCSI Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs NcaSvc startup parameters : Display name : Network Connectivity Assistant Service name : NcaSvc Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k NetSvcs Dependencies : 
BFE/dnscache/NSI/iphlpsvc/ Netlogon startup parameters : Display name : Netlogon Service name : Netlogon Log on as : LocalSystem Executable path : C:\Windows\system32\lsass.exe Dependencies : LanmanWorkstation/ Netman startup parameters : Display name : Network Connections Service name : Netman Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : RpcSs/nsi/ PerfHost startup parameters : Display name : Performance Counter DLL Host Service name : PerfHost Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\SysWow64\perfhost.exe Dependencies : RPCSS/ PlugPlay startup parameters : Display name : Plug and Play Service name : PlugPlay Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch PolicyAgent startup parameters : Display name : IPsec Policy Agent Service name : PolicyAgent Log on as : NT Authority\NetworkService Executable path : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted Dependencies : Tcpip/bfe/ PrintNotify startup parameters : Display name : Printer Extensions and Notifications Service name : PrintNotify Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k print Dependencies : RpcSs/ RSoPProv startup parameters : Display name : Resultant Set of Policy Provider Service name : RSoPProv Log on as : LocalSystem Executable path : C:\Windows\system32\RSoPProv.exe Dependencies : RPCSS/ RasAuto startup parameters : Display name : Remote Access Auto Connection Manager Service name : RasAuto Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : RasAcd/ RasMan startup parameters : Display name : Remote Access Connection Manager Service name : RasMan Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : SstpSvc/ RpcLocator startup parameters : Display name : Remote Procedure Call (RPC) Locator Service name : RpcLocator 
Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\system32\locator.exe SNMPTRAP startup parameters : Display name : SNMP Trap Service name : SNMPTRAP Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\System32\snmptrap.exe SessionEnv startup parameters : Display name : Remote Desktop Configuration Service name : SessionEnv Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : RPCSS/LanmanWorkstation/ SstpSvc startup parameters : Display name : Secure Socket Tunneling Protocol Service Service name : SstpSvc Log on as : NT Authority\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService SysMain startup parameters : Display name : Superfetch Service name : SysMain Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : rpcss/ THREADORDER startup parameters : Display name : Thread Ordering Server Service name : THREADORDER Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService TapiSrv startup parameters : Display name : Telephony Service name : TapiSrv Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\System32\svchost.exe -k tapisrv Dependencies : RpcSs/ TermService startup parameters : Display name : Remote Desktop Services Service name : TermService Log on as : NT Authority\NetworkService Executable path : C:\Windows\System32\svchost.exe -k termsvcs Dependencies : RPCSS/ TieringEngineService startup parameters : Display name : Storage Tiers Management Service name : TieringEngineService Log on as : localSystem Executable path : C:\Windows\system32\TieringEngineService.exe UI0Detect startup parameters : Display name : Interactive Services Detection Service name : UI0Detect Log on as : LocalSystem Executable path : C:\Windows\system32\UI0Detect.exe UmRdpService startup parameters : Display name : Remote Desktop Services UserMode Port 
Redirector Service name : UmRdpService Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : TermService/RDPDR/ VSS startup parameters : Display name : Volume Shadow Copy Service name : VSS Log on as : LocalSystem Executable path : C:\Windows\system32\vssvc.exe Dependencies : RPCSS/ VaultSvc startup parameters : Display name : Credential Manager Service name : VaultSvc Log on as : LocalSystem Executable path : C:\Windows\system32\lsass.exe Dependencies : rpcss/ W32Time startup parameters : Display name : Windows Time Service name : W32Time Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService WEPHOSTSVC startup parameters : Display name : Windows Encryption Provider Host Service Service name : WEPHOSTSVC Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k WepHostSvcGroup Dependencies : rpcss/ WPDBusEnum startup parameters : Display name : Portable Device Enumerator Service Service name : WPDBusEnum Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : RpcSs/ WcsPlugInService startup parameters : Display name : Windows Color System Service name : WcsPlugInService Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k wcssvc Dependencies : RpcSs/ Wecsvc startup parameters : Display name : Windows Event Collector Service name : Wecsvc Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\system32\svchost.exe -k NetworkService Dependencies : HTTP/Eventlog/ WerSvc startup parameters : Display name : Windows Error Reporting Service Service name : WerSvc Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k WerSvcGroup WinHttpAutoProxySvc startup parameters : Display name : WinHTTP Web Proxy Auto-Discovery Service Service name : WinHttpAutoProxySvc Log on as : NT 
AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService Dependencies : Dhcp/ defragsvc startup parameters : Display name : Optimize drives Service name : defragsvc Log on as : localSystem Executable path : C:\Windows\system32\svchost.exe -k defragsvc Dependencies : RPCSS/ dot3svc startup parameters : Display name : Wired AutoConfig Service name : dot3svc Log on as : localSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : RpcSs/Ndisuio/Eaphost/ fdPHost startup parameters : Display name : Function Discovery Provider Host Service name : fdPHost Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalService Dependencies : RpcSs/http/ hidserv startup parameters : Display name : Human Interface Device Service Service name : hidserv Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted hkmsvc startup parameters : Display name : Health Key and Certificate Management Service name : hkmsvc Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : RpcSs/ lltdsvc startup parameters : Display name : Link-Layer Topology Discovery Mapper Service name : lltdsvc Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\System32\svchost.exe -k LocalService Dependencies : rpcss/lltdio/ msiserver startup parameters : Display name : Windows Installer Service name : msiserver Log on as : LocalSystem Executable path : C:\Windows\system32\msiexec.exe /V Dependencies : rpcss/ napagent startup parameters : Display name : Network Access Protection Agent Service name : napagent Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\System32\svchost.exe -k NetworkService Dependencies : RpcSs/ netprofm startup parameters : Display name : Network List Service Service name : netprofm Log on as : NT AUTHORITY\LocalService Executable path : 
C:\Windows\System32\svchost.exe -k LocalService Dependencies : RpcSs/nlasvc/ pla startup parameters : Display name : Performance Logs & Alerts Service name : pla Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork Dependencies : RPCSS/ rpcapd startup parameters : Display name : Remote Packet Capture Protocol v.0 (experimental) Service name : rpcapd Log on as : LocalSystem Executable path : "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" sacsvr startup parameters : Display name : Special Administration Console Helper Service name : sacsvr Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs seclogon startup parameters : Display name : Secondary Logon Service name : seclogon Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs smphost startup parameters : Display name : Microsoft Storage Spaces SMP Service name : smphost Log on as : NT AUTHORITY\NetworkService Executable path : C:\Windows\System32\svchost.exe -k smphost Dependencies : RPCSS/ svsvc startup parameters : Display name : Spot Verifier Service name : svsvc Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted swprv startup parameters : Display name : Microsoft Software Shadow Copy Provider Service name : swprv Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k swprv Dependencies : RPCSS/ vds startup parameters : Display name : Virtual Disk Service name : vds Log on as : LocalSystem Executable path : C:\Windows\System32\vds.exe Dependencies : RpcSs/ vmicguestinterface startup parameters : Display name : Hyper-V Guest Service Interface Service name : vmicguestinterface Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted vmicheartbeat startup parameters : Display name : Hyper-V Heartbeat Service Service name : 
vmicheartbeat Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k ICService vmickvpexchange startup parameters : Display name : Hyper-V Data Exchange Service Service name : vmickvpexchange Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted vmicrdv startup parameters : Display name : Hyper-V Remote Desktop Virtualization Service Service name : vmicrdv Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k ICService vmicshutdown startup parameters : Display name : Hyper-V Guest Shutdown Service Service name : vmicshutdown Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted vmictimesync startup parameters : Display name : Hyper-V Time Synchronization Service Service name : vmictimesync Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted vmicvss startup parameters : Display name : Hyper-V Volume Shadow Copy Requestor Service name : vmicvss Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted vmvss startup parameters : Display name : VMware Snapshot Provider Service name : vmvss Log on as : LocalSystem Executable path : C:\Windows\system32\dllhost.exe /Processid:{BEE79850-A49B-4A97-9419-38B7EB5DBA57} Dependencies : rpcss/ wercplsupport startup parameters : Display name : Problem Reports and Solutions Control Panel Support Service name : wercplsupport Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs wmiApSrv startup parameters : Display name : WMI Performance Adapter Service name : wmiApSrv Log on as : localSystem Executable path : C:\Windows\system32\wbem\WmiApSrv.exe wuauserv startup parameters : Display name : Windows Update Service name : wuauserv Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k netsvcs Dependencies : rpcss/ 
wudfsvc startup parameters : Display name : Windows Driver Foundation - User-mode Driver Framework Service name : wudfsvc Log on as : LocalSystem Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted Dependencies : WudfPf/ The following services are disabled : Browser startup parameters : Display name : Computer Browser Service name : Browser Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : LanmanWorkstation/LanmanServer/ NetTcpPortSharing startup parameters : Display name : Net.Tcp Port Sharing Service Service name : NetTcpPortSharing Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe RemoteAccess startup parameters : Display name : Routing and Remote Access Service name : RemoteAccess Log on as : localSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/ SSDPSRV startup parameters : Display name : SSDP Discovery Service name : SSDPSRV Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation Dependencies : HTTP/ SharedAccess startup parameters : Display name : Internet Connection Sharing (ICS) Service name : SharedAccess Log on as : LocalSystem Executable path : C:\Windows\System32\svchost.exe -k netsvcs Dependencies : Netman/WinMgmt/BFE/ upnphost startup parameters : Display name : UPnP Device Host Service name : upnphost Log on as : NT AUTHORITY\LocalService Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation Dependencies : SSDPSRV/HTTP/
|
48942 - Microsoft Windows SMB Registry : OS Version and Processor Architecture |
Synopsis
It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system.
Description
Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/08/31, Modification date: 2016/11/16
Ports
tcp/445
Operating system version = 6.3.9600
Architecture = x64
Build lab extended = 9600.16384.amd64fre.winblue_rtm.130821-1623
|
51351 - Microsoft .NET Framework Detection |
Synopsis
A software framework is installed on the remote host.
Description
Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/12/20, Modification date: 2016/10/14
Ports
tcp/445
The remote host has following version(s) of Microsoft .NET Framework installed :
+ Version : 4.5.1
  - Install Type : Full
  - Full Version : 4.5.51641
  - Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
+ Version : 4.5.1
  - Install Type : Client
  - Full Version : 4.5.51641
  - Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
|
57033 - Microsoft Patch Bulletin Feasibility Check |
Synopsis
Nessus is able to check for Microsoft patch bulletins.
Description
Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates. Note that this plugin is purely informational.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/12/06, Modification date: 2016/02/12
Ports
tcp/445
Nessus is able to test for missing patches using : Nessus
|
58181 - Windows DNS Server Enumeration |
Synopsis
Nessus enumerated the DNS servers being used by the remote Windows host.
Description
Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2012/03/01, Modification date: 2015/03/17
Ports
tcp/445
Nessus enumerated DNS servers for the following interfaces :
Interface: {7AE3640C-2C9E-4A1C-B9CE-4EDDFFCDCABB}
Network Connection : Ethernet1
NameServer: 10.1.1.1,192.168.109.21
Interface: Default
DhcpNameServer: 192.168.109.21 192.168.109.2 192.168.109.100
|
58452 - Microsoft Windows Startup Software Enumeration |
Synopsis
It is possible to enumerate startup software.
Description
This plugin lists software that is configured to run on system startup by crawling the registry entries in :
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Solution
Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Publication date: 2012/03/23, Modification date: 2015/01/12
Ports
tcp/445
The following startup item was found :
ClamWin - C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
VMware User Process - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
|
63080 - Microsoft Windows Mounted Devices |
Synopsis
It is possible to get a list of mounted devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past.
Solution
Make sure that the mounted drives agree with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Publication date: 2012/11/28, Modification date: 2012/11/28
Ports
tcp/445
Name : \dosdevices\e:
Data : _??_USBSTOR#Disk&Ven_CBM&Prod_USB2.0&Rev_5.00#211618009C259212&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{53a39147-a006-11e6-80b0-806e6f6e6963}
Data : \??\IDE#CdRomNECVMWar_VMware_IDE_CDR10_______________1.00____#5&290fd3ab&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{53a39142-a006-11e6-80b0-806e6f6e6963}
Data : Q8
Raw data : eb5138810000100000000000

Name : \dosdevices\d:
Data : \??\IDE#CdRomNECVMWar_VMware_IDE_CDR10_______________1.00____#5&290fd3ab&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{53a39143-a006-11e6-80b0-806e6f6e6963}
Data : Q8
Raw data : eb5138810000f01500000000

Name : \dosdevices\c:
Data : Q8
Raw data : eb5138810000f01500000000

Name : \??\volume{e48723df-f854-11e6-80b8-000c29654aa4}
Data : _??_USBSTOR#Disk&Ven_CBM&Prod_USB2.0&Rev_5.00#211618009C259212&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \dosdevices\a:
Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&2bc13940&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{53a39148-a006-11e6-80b0-806e6f6e6963}
Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&2bc13940&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
|
66517 - Adobe Reader Enabled in Browser (Internet Explorer) |
Synopsis
The remote host has Adobe Reader enabled for Internet Explorer.
Description
Adobe Reader is enabled in Internet Explorer.
Solution
Disable Adobe Reader unless it is needed.
Risk Factor
None
Plugin Information:
Publication date: 2013/05/20, Modification date: 2016/06/13
Ports
tcp/445
Adobe Reader is enabled for the following SIDs :
S-1-5-21-1461451076-3575956778-502172295-500
Note that this check may be incomplete as Nessus can only check the SIDs of logged on users.
|
71156 - Tenable Passive Vulnerability Scanner Installed (Windows) (credentialed check) |
Synopsis
A vulnerability scanner is installed on the remote Windows host.
Description
Tenable Passive Vulnerability Scanner (PVS) is installed on the remote Windows host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/12/02, Modification date: 2017/04/03
Ports
tcp/445
Path : C:\Program Files\Tenable\PVS\
Version : 5.2.0
|
72367 - Microsoft Internet Explorer Version Detection |
Synopsis
Internet Explorer is installed on the remote host.
Description
The remote Windows host contains Internet Explorer, a web browser created by Microsoft.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2014/02/06, Modification date: 2014/02/13
Ports
tcp/445
Version : 11.0.9600.16384
|
72879 - Microsoft Internet Explorer Enhanced Security Configuration Detection |
Synopsis
The remote host supports IE Enhanced Security Configuration.
Description
Nessus detects if the remote Windows host supports IE Enhanced Security Configuration (ESC) and if IE ESC features are enabled or disabled.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2014/03/07, Modification date: 2017/04/03
Ports
tcp/445
Type : Admin Groups
Is Enabled : True
Type : User Groups
Is Enabled : True
|
73990 - MS KB2871997: Update to Improve Credentials Protection and Management |
Synopsis
The remote Windows host is missing an update to improve credentials protection and management.
Description
The remote host is missing one or more of the following Microsoft updates: KB2871997, KB2973351, KB2975625, KB2982378, KB2984972, KB2984976, KB2984981, KB2973501, or KB3126593. These updates are needed to improve the protection against possible credential theft.
- For Windows 7 / 2008 R2 : KB2984972, KB2871997, KB2982378, and KB2973351 are required; also, KB2984976 (if KB2592687 is installed) or KB2984981 (if KB2830477 is installed).
- For Windows 8 / 2012 : KB2973501, KB2871997, and KB2973351 are required.
- For Windows 8.1 / 2012 R2 : KB2973351 (if Update 1 is installed) or KB2975625 (if Update 1 isn't installed).
These updates provide additional protection for the Local Security Authority (LSA), add a restricted administrative mode for Credential Security Support Provider (CredSSP), introduce support for the protected account-restricted domain user category, enforce stricter authentication policies, add additional protection for users' credentials, and add a restricted administrative mode for Remote Desktop Connection and Remote Desktop Protocol.
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
None
STIG Severity
II
Plugin Information:
Publication date: 2014/05/14, Modification date: 2017/02/06
Ports
tcp/445
- C:\Windows\system32\lsasrv.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.16670
- C:\Windows\system32\ntdll.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18202
- C:\Windows\system32\ntdll.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18194
- C:\Windows\system32\kernelbase.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18264
Missing KBs : 2975625
|
82779 - MS KB3045755: Update to Improve PKU2U Authentication |
Synopsis
The remote Windows host is missing a security update.
Description
The remote Windows host is missing a security update that improves the authentication used by the Public Key Cryptography User-to-User (PKU2U) security support provider (SSP).
Solution
Microsoft has released a set of updates for Windows 8.1, RT 8.1, and 2012 R2.
Risk Factor
None
Plugin Information:
Publication date: 2015/04/14, Modification date: 2015/04/15
Ports
tcp/445
- C:\Windows\system32\Pku2u.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17728
|
83359 - MS KB3042058: Update to Default Cipher Suite Priority Order |
Synopsis
The remote Windows host is missing an update to the cipher suite.
Description
The remote Windows host is missing an update to the cryptographic cipher suite prioritization. The update adds additional cipher suites and improves cipher suite priority ordering.
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2. Note that Microsoft has only made this update available via the Microsoft Download Center. It will be available via Microsoft Update and WSUS in Q4 of 2015.
Risk Factor
None
Plugin Information:
Publication date: 2015/05/12, Modification date: 2015/05/13
Ports
tcp/445
- C:\Windows\system32\Schannel.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.17728
|
85880 - MS KB3083992: Update to Improve AppLocker Publisher Rule Enforcement |
Synopsis
The remote Windows host is missing a security update that prevents a potential rules bypass.
Description
The remote Windows host is missing KB3083992, a defense-in-depth update that improves the enforcement of publisher rules by Windows AppLocker. Specifically, the update corrects how AppLocker handles certificates to prevent bypassing publisher rules.
Solution
Install Microsoft KB3083992.
Risk Factor
None
STIG Severity
II
Plugin Information:
Publication date: 2015/09/09, Modification date: 2015/09/13
Ports
tcp/445
- C:\Windows\system32\Appidsvc.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18002
|
87876 - MS KB3109853: Update to Improve TLS Session Resumption Interoperability |
Synopsis
The remote Windows host is missing an update to the TLS implementation in SChannel.
Description
The remote Windows host is missing an update to the Transport Layer Security (TLS) protocol implementation in SChannel. The update improves the interoperability between Schannel-based TLS clients and 3rd-party TLS servers that enable RFC5077-based resumption and that send the NewSessionTicket message in the abbreviated TLS handshake. This update also addresses an issue in schannel.dll that could cause an RFC5077 session ticket-based resumption to fail, subsequently causing WinInet-based clients to perform a fallback to a lower TLS protocol version than what would have been otherwise negotiated.
Solution
Microsoft has released a set of patches for Windows 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
None
Plugin Information:
Publication date: 2016/01/12, Modification date: 2016/01/13
Ports
tcp/445
- C:\Windows\system32\Schannel.dll has not been patched.
  Remote version : 6.3.9600.16384
  Should be : 6.3.9600.18154
|
96534 - Firefox Browser Extension Enumeration |
Synopsis
One or more Firefox browser extensions are installed on the remote host.
Description
Nessus was able to enumerate Firefox browser extensions installed on the remote host.
Solution
Make sure that the use and configuration of these extensions comply with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Publication date: 2017/01/16, Modification date: 2017/04/03
Ports
tcp/445
User : Administrator
|- Browser : Firefox
|- Extension information :

Name : Default
Description : The default theme.
Version : 49.0.2
Install Date : Oct. 20, 2016 at 00:29:47 GMT
Update Date : Oct. 20, 2016 at 00:29:47 GMT
Path : C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
ID : {972ce4c6-7e08-4474-a285-3208198ce6fd}
Status : Enabled

Name : Multi-process staged rollout
Description : Staged rollout of Firefox multi-process feature.
Version : 1.3
Install Date : Oct. 20, 2016 at 00:29:47 GMT
Update Date : Oct. 20, 2016 at 00:29:47 GMT
Path : C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
ID : e10srollout@mozilla.org
Status : Enabled

Name : Pocket
Description : When you find something you want to view later, put it in Pocket.
Version : 1.0.4
Install Date : Oct. 20, 2016 at 00:29:47 GMT
Update Date : Oct. 20, 2016 at 00:29:47 GMT
Path : C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
ID : firefox@getpocket.com
Status : Enabled

Name : Web Compat
Description : Urgent post-release fixes for web compatibility.
Version : 1.0
Install Date : Oct. 20, 2016 at 00:29:47 GMT
Update Date : Oct. 20, 2016 at 00:29:47 GMT
Path : C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
ID : webcompat@mozilla.org
Status : Enabled
|
97086 - Server Message Block (SMB) Protocol Version 1 Enabled |
Synopsis
The remote Windows host supports the SMBv1 protocol.
Description
The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users disable SMBv1 per SMB best practices to mitigate these potential issues.
Solution
Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
None
Plugin Information:
Publication date: 2017/02/09, Modification date: 2017/03/09
Ports
tcp/445
SMBv1 server is enabled :
- HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : NULL or missing
SMB1protocol feature is enabled based on the following key :
- HKLM\SYSTEM\CurrentControlSet\Services\srv
1025/tcp
|
10736 - DCE Services Enumeration |
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/1025
The following DCERPC services are available on TCP port 1025 :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 1025
IP : 10.1.1.112
|
14272 - netstat portscanner (SSH) |
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/1025
Port 1025/tcp was found to be open
1026/tcp
|
10736 - DCE Services Enumeration |
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/1026
The following DCERPC services are available on TCP port 1026 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
TCP Port : 1026
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Remote RPC service
TCP Port : 1026
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0
Description : Unknown RPC service
Annotation : Wcm Service
Type : Remote RPC service
TCP Port : 1026
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 1026
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 1026
IP : 10.1.1.112
|
14272 - netstat portscanner (SSH) |
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/1026
Port 1026/tcp was found to be open
1027/tcp
|
10736 - DCE Services Enumeration |
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/1027
The following DCERPC services are available on TCP port 1027 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 1027
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 1027
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
TCP Port : 1027
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Remote RPC service
TCP Port : 1027
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Remote RPC service
TCP Port : 1027
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Remote RPC service
TCP Port : 1027
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Remote RPC service
TCP Port : 1027
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1a0d010f-1c33-432c-b0f5-8cf4e8053099, version 1.0
Description : Unknown RPC service
Annotation : IdSegSrv service
Type : Remote RPC service
TCP Port : 1027
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 1027
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 1027
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 1027
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 1027
IP : 10.1.1.112
|
14272 - netstat portscanner (SSH) |
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/1027
Port 1027/tcp was found to be open
1028/tcp
|
10736 - DCE Services Enumeration |
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/1028
The following DCERPC services are available on TCP port 1028 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 1028
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 1028
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 1028
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 1028
IP : 10.1.1.112

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 1028
IP : 10.1.1.112
|
14272 - netstat portscanner (SSH) |
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/1028
Port 1028/tcp was found to be open
1035/tcp
|
10736 - DCE Services Enumeration |
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/1035
The following DCERPC services are available on TCP port 1035 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
Windows process : svchost.exe
Type : Remote RPC service
TCP Port : 1035
IP : 10.1.1.112
|
14272 - netstat portscanner (SSH) |
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/1035
Port 1035/tcp was found to be open
1048/tcp
| 90510 - MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check) |
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept communications between a client and a server hosting a SAM database can exploit this to force the authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the SAM database.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
| BID | 86002 |
| CVE | CVE-2016-0128 |
| XREF | OSVDB:136339 |
| XREF | MSFT:MS16-047 |
| XREF | CERT:813296 |
| XREF | IAVA:2016-A-0093 |
Plugin Information:
Publication date: 2016/04/13, Modification date: 2016/07/19
Ports
tcp/1048
| 10736 - DCE Services Enumeration |
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/1048
The following DCERPC services are available on TCP port 1048 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 1048
IP : 10.1.1.112
| 14272 - netstat portscanner (SSH) |
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/1048
Port 1048/tcp was found to be open
5355/udp
| 14272 - netstat portscanner (SSH) |
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/5355
Port 5355/udp was found to be open
5985/tcp
| 14272 - netstat portscanner (SSH) |
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/5985
Port 5985/tcp was found to be open
8834/tcp
| 14272 - netstat portscanner (SSH) |
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/8834
Port 8834/tcp was found to be open
47001/tcp
| 14272 - netstat portscanner (SSH) |
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/47001
Port 47001/tcp was found to be open
53947/udp
| 14272 - netstat portscanner (SSH) |
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/53947
Port 53947/udp was found to be open
53950/udp
| 14272 - netstat portscanner (SSH) |
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/53950
Port 53950/udp was found to be open
57495/udp
| 14272 - netstat portscanner (SSH) |
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/57495
Port 57495/udp was found to be open
10.1.1.114
Scan Information
| Start time: | Wed Apr 12 01:02:40 2017 |
| End time: | Wed Apr 12 01:07:43 2017 |
Host Information
| OS: | Linux Kernel 2.6.32-642.el6.x86_64 on CentOS release 6.8 (Final) |
Results Summary
| Critical | High | Medium | Low | Info | Total |
| 7 | 33 | 21 | 3 | 17 | 81 |
Results Details
0/tcp
| 90636 - CentOS 6 : java-1.7.0-openjdk (CESA-2016:0675) |
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.
Security Fix(es) :
* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)
* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)
* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)
* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)
Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
See Also
Solution
Update the affected java-1.7.0-openjdk packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/04/22, Modification date: 2016/11/17
Ports
tcp/0
Remote package installed : java-1.7.0-openjdk-1.7.0.99-2.6.5.1.el6
Should be : java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el6_7
| 90723 - CentOS 5 / 6 / 7 : firefox (CESA-2016:0695) |
Synopsis
The remote CentOS host is missing a security update.
Description
An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR.
Security Fix(es) :
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814)
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Phil Ringalda, CESG (the Information Security Arm of GCHQ), Sascha Just, Jesse Ruderman, Christian Holler, Tyson Smith, Boris Zbarsky, David Bolter, Carsten Book, Mats Palmgren, Gary Kwong, and Randell Jesup as the original reporters.
See Also
Solution
Update the affected firefox package.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
| CVE | CVE-2016-2805 |
| CVE | CVE-2016-2806 |
| CVE | CVE-2016-2807 |
| CVE | CVE-2016-2808 |
| CVE | CVE-2016-2814 |
| XREF | OSVDB:135562 |
| XREF | OSVDB:137609 |
| XREF | OSVDB:137610 |
| XREF | OSVDB:137613 |
| XREF | OSVDB:137614 |
| XREF | OSVDB:137615 |
| XREF | OSVDB:137616 |
| XREF | OSVDB:137617 |
| XREF | OSVDB:137618 |
| XREF | OSVDB:137619 |
| XREF | OSVDB:137620 |
| XREF | OSVDB:137621 |
| XREF | OSVDB:137622 |
| XREF | OSVDB:137623 |
| XREF | OSVDB:137624 |
| XREF | OSVDB:137625 |
| XREF | OSVDB:137626 |
| XREF | OSVDB:137627 |
| XREF | OSVDB:137628 |
| XREF | OSVDB:137639 |
| XREF | OSVDB:137642 |
| XREF | RHSA:2016:0695 |
Plugin Information:
Publication date: 2016/04/27, Modification date: 2016/11/17
Ports
tcp/0
Remote package installed : firefox-45.0.1-1.el6.centos
Should be : firefox-45.1.0-1.el6.centos
| 91018 - CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2016:0723) |
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.
Security Fix(es) :
* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)
* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)
* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)
* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)
See Also
Solution
Update the affected java-1.6.0-openjdk packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/05/11, Modification date: 2016/11/17
Ports
tcp/0
Remote package installed : java-1.6.0-openjdk-1.6.0.38-1.13.10.4.el6
Should be : java-1.6.0-openjdk-1.6.0.39-1.13.11.0.el6_7
| 91786 - CentOS 6 / 7 : libxml2 (CESA-2016:1292) |
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for libxml2 is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es) :
A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2016-1834, CVE-2016-1840)
Multiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)
See Also
Solution
Update the affected libxml2 packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.6 (CVSS:3.0/E:U/RL:X/RC:R)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:U/RL:ND/RC:UR)
References
Plugin Information:
Publication date: 2016/06/24, Modification date: 2016/11/17
Ports
tcp/0
Remote package installed : libxml2-2.7.6-21.el6
Should be : libxml2-2.7.6-21.el6_8.1
Remote package installed : libxml2-python-2.7.6-21.el6
Should be : libxml2-python-2.7.6-21.el6_8.1
| 96456 - CentOS 6 : kernel (CESA-2017:0036) |
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es) :
* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important)
* An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments. (CVE-2016-4998, Moderate)
* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)
Bug Fix(es) :
* When parallel NFS returned a file layout, a kernel crash sometimes occurred. This update removes the call to the BUG_ON() function from a code path of a client that returns the file layout. As a result, the kernel no longer crashes in the described situation. (BZ#1385480)
* When a guest virtual machine (VM) on Microsoft Hyper-V was set to crash on a Nonmaskable Interrupt (NMI) that was injected from the host, this VM became unresponsive and did not create the vmcore dump file. This update applies a set of patches to the Virtual Machine Bus kernel driver (hv_vmbus) that fix this bug. As a result, the VM now first creates and saves the vmcore dump file and then reboots. (BZ#1385482)
* From Red Hat Enterprise Linux 6.6 to 6.8, the IPv6 routing cache occasionally showed incorrect values. This update fixes the DST_NOCOUNT mechanism, and the IPv6 routing cache now shows correct values. (BZ#1391974)
* When using the ixgbe driver and the software Fibre Channel over Ethernet (FCoE) stack, suboptimal performance in some cases occurred on systems with a large number of CPUs. This update fixes the fc_exch_alloc() function to try all the available exchange managers in the list for an available exchange ID. This change avoids failing allocations, which previously led to the host busy status. (BZ#1392818)
* When the vmwgfx kernel module loads, it overrides the boot resolution automatically. Consequently, users were not able to change the resolution by manual setting of the kernel's 'vga=' parameter in the /boot/grub/grub.conf file. This update adds the 'nomodeset' parameter, which can be set in the /boot/grub/grub.conf file. The 'nomodeset' parameter allows the users to prevent the vmwgfx driver from loading. As a result, the setting of the 'vga=' parameter works as expected, in case that vmwgfx does not load. (BZ#1392875)
* When Red Hat Enterprise Linux 6.8 was booted on SMBIOS 3.0 based systems, Desktop Management Interface (DMI) information, which is referenced by several applications, such as NEC server's memory RAS utility, was missing entries in the sysfs virtual file system. This update fixes the underlying source code, and sysfs now shows the DMI information as expected. (BZ#1393464)
* Previously, bonding mode active backup and the propagation of the media access control (MAC) address to a VLAN interface did not work in Red Hat Enterprise Linux 6.8, when the fail_over_mac bonding parameter was set to fail_over_mac=active. With this update, the underlying source code has been fixed so that the VLANs continue inheriting the MAC address of the active physical interface until the VLAN MAC address is explicitly set to any value. As a result, IPv6 EUI64 addresses for the VLAN can reflect any changes to the MAC address of the physical interface, and Duplicate Address Detection (DAD) behaves as expected. (BZ#1396479)
See Also
Solution
Update the affected kernel packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2017/01/13, Modification date: 2017/01/17
Ports
tcp/0
Remote package installed : kernel-2.6.32-642.el6
Should be : kernel-2.6.32-642.13.1.el6
Remote package installed : kernel-firmware-2.6.32-642.el6
Should be : kernel-firmware-2.6.32-642.13.1.el6
Remote package installed : kernel-headers-2.6.32-642.el6
Should be : kernel-headers-2.6.32-642.13.1.el6
| 96812 - CentOS 6 : mysql (CESA-2017:0184) |
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for mysql is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es) :
* It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)
* A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663, CVE-2016-5616)
See Also
Solution
Update the affected mysql packages.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:F/RL:U/RC:X)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
9.5 (CVSS2#E:F/RL:U/RC:ND)
References
Plugin Information:
Publication date: 2017/01/27, Modification date: 2017/01/27
Ports
tcp/0
Remote package installed : mysql-libs-5.1.73-7.el6
Should be : mysql-libs-5.1.73-8.el6_8
| 97389 - CentOS 6 : kernel (CESA-2017:0307) |
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es) :
* When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem to create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands. (CVE-2016-6136, Moderate)
* A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. (CVE-2016-9555, Moderate)
Bug Fix(es) :
* The qlcnic driver previously attempted to fetch pending transmission descriptors before all writes were complete, which led to firmware hangs. With this update, the qlcnic driver has been fixed to complete all writes before the hardware fetches any pending transmission descriptors. As a result, the firmware no longer hangs with the qlcnic driver. (BZ#1403143)
* Previously, when a NFS share was mounted, the file-system (FS) cache was incorrectly enabled even when the '-o fsc' option was not used in the mount command. Consequently, the cachefilesd service stored files in the NFS share even when not instructed to by the user. With this update, NFS does not use the FS cache if not instructed by the '-o fsc' option. As a result, NFS no longer enables caching if the '-o fsc' option is not used. (BZ#1399172)
* Previously, an NFS client and NFS server got into a NFS4 protocol loop involving a WRITE action and a NFS4ERR_EXPIRED response when the current_fileid counter got to the wraparound point by overflowing the value of 32 bits. This update fixes the NFS server to handle the current_fileid wraparound. As a result, the described NFS4 protocol loop no longer occurs. (BZ#1399174)
* Previously, certain configurations of the Hewlett Packard Smart Array (HPSA) devices caused hardware to be set offline incorrectly when the HPSA driver was expected to wait for existing I/O operations to complete. Consequently, a kernel panic occurred. This update prevents the described problem. As a result, the kernel panic no longer occurs. (BZ#1399175)
* Previously, memory corruption by copying data into the wrong memory locations sometimes occurred, because the __copy_tofrom_user() function was returning incorrect values. This update fixes the __copy_tofrom_user() function so that it no longer returns larger values than the number of bytes it was asked to copy. As a result, memory corruption no longer occurs in the described scenario. (BZ#1398185)
* Previously, guest virtual machines (VMs) on a Hyper-V server cluster got in some cases rebooted during the graceful node failover test, because the host kept sending heartbeat packets independently of guests responding to them. This update fixes the bug by properly responding to all the heartbeat messages in the queue, even if they are pending. As a result, guest VMs no longer get rebooted under the described circumstances. (BZ#1397739)
* When the 'punching hole' feature of the fallocate utility was used on an ext4 file system inode with extent depth of 1, the extent tree of the inode sometimes became corrupted. With this update, the underlying source code has been fixed, and extent tree corruption no longer occurs in the described situation. (BZ#1397808)
See Also
Solution
Update the affected kernel packages.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2017/02/27, Modification date: 2017/02/27
Ports
tcp/0
Remote package installed : kernel-2.6.32-642.el6
Should be : kernel-2.6.32-642.15.1.el6
Remote package installed : kernel-firmware-2.6.32-642.el6
Should be : kernel-firmware-2.6.32-642.15.1.el6
Remote package installed : kernel-headers-2.6.32-642.el6
Should be : kernel-headers-2.6.32-642.15.1.el6
| 91172 - CentOS 6 : qemu-kvm (CESA-2016:0997) |
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM.
Security Fix(es) :
* An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations via I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process. (CVE-2016-3710)
Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang (360 Marvel Team) for reporting this issue.
See Also
Solution
Update the affected qemu-kvm packages.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/05/17, Modification date: 2016/11/17
Ports
tcp/0
Remote package installed : qemu-guest-agent-0.12.1.2-2.491.el6
Should be : qemu-guest-agent-0.12.1.2-2.491.el6_8.1
| 92026 - CentOS 6 : kernel (CESA-2016:1406) |
Synopsis
The remote CentOS host is missing one or more security updates.
Description
Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix :
* A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system. (CVE-2016-4565, Important)
Red Hat would like to thank Jann Horn for reporting this issue.
This update also fixes the following bugs :
* When providing some services and using the Integrated Services Digital Network (ISDN), the system could terminate unexpectedly due to the call of the tty_ldisc_flush() function. The provided patch removes this call and the system no longer hangs in the described scenario. (BZ#1337443)
* An update to the Red Hat Enterprise Linux 6.8 kernel added calls of two functions provided by the ipv6.ko kernel module, which added a dependency on that module. On systems where ipv6.ko was prevented from being loaded, the nfsd.ko and lockd.ko modules were unable to be loaded. Consequently, it was not possible to run an NFS server or to mount NFS file systems as a client. The underlying source code has been fixed by adding the symbol_get() function, which determines if nfsd.ko and lockd.ko are loaded into memory and calls them through function pointers, not directly. As a result, the aforementioned kernel modules are allowed to be loaded even if ipv6.ko is not, and the NFS mount works as expected. (BZ#1341496)
* After upgrading the kernel, CPU load average increased compared to the prior kernel version due to the modification of the scheduler. The provided patch set reverts the calculation algorithm of this load average to the previous version thus resulting in relatively lower values under the same system load. (BZ#1343015)
See Also
Solution
Update the affected kernel packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/07/13, Modification date: 2016/11/17
Ports
tcp/0
Remote package installed : kernel-2.6.32-642.el6
Should be : kernel-2.6.32-642.3.1.el6
Remote package installed : kernel-firmware-2.6.32-642.el6
Should be : kernel-firmware-2.6.32-642.3.1.el6
Remote package installed : kernel-headers-2.6.32-642.el6
Should be : kernel-headers-2.6.32-642.3.1.el6
| 92586 - CentOS 5 / 6 / 7 : java-1.7.0-openjdk (CESA-2016:1504) |
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.
Security Fix(es) :
* Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3598, CVE-2016-3610)
* Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508)
* Multiple flaws were found in the CORBA and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)
See Also
Solution
Update the affected java-1.7.0-openjdk packages.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/07/28, Modification date: 2016/11/17
Ports
tcp/0
Remote package installed : java-1.7.0-openjdk-1.7.0.99-2.6.5.1.el6
Should be : java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el6_8
92682 - CentOS 6 : libtiff (CESA-2016:1547)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for libtiff is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)
See Also
Solution
Update the affected libtiff packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.8 (CVSS:3.0/E:U/RL:O/RC:U)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:UC)
References
Plugin Information:
Publication date: 2016/08/03, Modification date: 2016/11/23
Ports
tcp/0
Remote package installed : libtiff-3.9.4-10.el6_5
Should be : libtiff-3.9.4-18.el6_8
92703 - CentOS 5 / 6 / 7 : firefox (CESA-2016:1551)
Synopsis
The remote CentOS host is missing a security update.
Description
An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.3.0 ESR.
Security Fix(es) :
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-2836, CVE-2016-5258, CVE-2016-5259, CVE-2016-5252, CVE-2016-5263, CVE-2016-2830, CVE-2016-2838, CVE-2016-5254, CVE-2016-5262, CVE-2016-5264, CVE-2016-5265, CVE-2016-2837)
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Looben Yang, Carsten Book, Christian Holler, Gary Kwong, Jesse Ruderman, Andrew McCreight, Phil Ringnalda, Philipp, Toni Huttunen, Georg Koppen, Abhishek Arya, Atte Kettunen, Nils, Nikita Arykov, and Abdulrahman Alqabandi as the original reporters.
See Also
Solution
Update the affected firefox package.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.9 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/08/04, Modification date: 2016/11/17
Ports
tcp/0
Remote package installed : firefox-45.0.1-1.el6.centos
Should be : firefox-45.3.0-1.el6.centos
93666 - CentOS 5 / 6 / 7 : firefox (CESA-2016:1912)
Synopsis
The remote CentOS host is missing a security update.
Description
An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.4.0 ESR.
Security Fix(es) :
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261)
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Samuel Gross, Brian Carpenter, Mei Wang, Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original reporters.
See Also
Solution
Update the affected firefox package.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/09/23, Modification date: 2016/11/17
Ports
tcp/0
Remote package installed : firefox-45.0.1-1.el6.centos
Should be : firefox-45.4.0-1.el6.centos
93777 - CentOS 6 / 7 : openssl (CESA-2016:1940)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es) :
* A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)
* It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. (CVE-2016-2178)
* It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. (CVE-2016-2179)
* A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)
* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code. (CVE-2016-2182)
* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.
* An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets. (CVE-2016-6302)
* Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)
* An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. (CVE-2016-2180)
* Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304 and CVE-2016-6306; and Karthikeyan Bhargavan (Inria) and Gaetan Leurent (Inria) as the original reporters of CVE-2016-2183.
See Also
Solution
Update the affected openssl packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.0 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.4 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/09/28, Modification date: 2016/11/17
Ports
tcp/0
Remote package installed : openssl-1.0.1e-48.el6
Should be : openssl-1.0.1e-48.el6_8.3
93779 - CentOS 5 / 6 / 7 : bind (CESA-2016:1944)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for bind is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es) :
* A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2016-2776)
Red Hat would like to thank ISC for reporting this issue.
See Also
Solution
Update the affected bind packages.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.9 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.4 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
| CVE | CVE-2016-2776 |
| XREF | OSVDB:144854 |
| XREF | RHSA:2016:1944 |
| XREF | IAVA:2017-A-0004 |
Plugin Information:
Publication date: 2016/09/28, Modification date: 2017/01/16
Ports
tcp/0
Remote package installed : bind-libs-9.8.2-0.47.rc1.el6
Should be : bind-libs-9.8.2-0.47.rc1.el6_8.1
Remote package installed : bind-utils-9.8.2-0.47.rc1.el6
Should be : bind-utils-9.8.2-0.47.rc1.el6_8.1
93867 - CentOS 6 : kernel (CESA-2016:2006)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es) :
* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to an arbitrary free address, which could allow an attacker to use a use-after-free style attack. (CVE-2016-4470, Important)
* A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possibly leading to privilege escalation or a system crash. (CVE-2016-5829, Moderate)
The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).
Bug Fix(es) :
* Previously, when two NFS shares with different security settings were mounted, the I/O operations to the kerberos-authenticated mount caused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the parameter was not unset when performing the I/O operations on the sec=sys mount. Consequently, writes to both NFS shares had the same parameters, regardless of their security settings. This update fixes this problem by moving the NO_CRKEY_TIMEOUT parameter to the auth->au_flags field. As a result, NFS shares with different security settings are now handled as expected. (BZ#1366962)
* In some circumstances, resetting a Fibre Channel over Ethernet (FCoE) interface could lead to a kernel panic, due to invalid information extracted from the FCoE header. This update adds sanity checking to the cpu number extracted from the FCoE header. This ensures that subsequent operations address a valid cpu, and eliminates the kernel panic. (BZ#1359036)
* Prior to this update, the following problems occurred with the way GFS2 transitioned files and directories from the 'unlinked' state to the 'free' state : The numbers reported for the df and the du commands in some cases got out of sync, which caused blocks in the file system to appear missing. The blocks were not actually missing, but they were left in the 'unlinked' state. In some circumstances, GFS2 referenced a cluster lock that was already deleted, which led to a kernel panic. If an object was deleted and its space reused as a different object, GFS2 sometimes deleted the existing one, which caused file system corruption. With this update, the transition from 'unlinked' to 'free' state has been fixed. As a result, none of these three problems occur anymore. (BZ#1359037)
* Previously, the GFS2 file system in some cases became unresponsive due to lock dependency problems between inodes and the cluster lock. This occurred most frequently on nearly full file systems where files and directories were being deleted and recreated at the same block location at the same time. With this update, a set of patches has been applied to fix these lock dependencies. As a result, GFS2 no longer hangs in the described circumstances. (BZ#1359038)
* When used with controllers that do not support DCMD- MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into an infinite loop of error reporting messages. This could cause difficulties with finding other important log messages, or it could even cause the disk to overflow. This bug has been fixed by ignoring the DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not support it and sending the DCMD SUCCESS status to the AEN functions. As a result, the error messages no longer appear when there is a change in the status of one of the arrays. (BZ#1359039)
See Also
Solution
Update the affected kernel packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/10/06, Modification date: 2016/11/17
Ports
tcp/0
Remote package installed : kernel-2.6.32-642.el6
Should be : kernel-2.6.32-642.6.1.el6
Remote package installed : kernel-firmware-2.6.32-642.el6
Should be : kernel-firmware-2.6.32-642.6.1.el6
Remote package installed : kernel-headers-2.6.32-642.el6
Should be : kernel-headers-2.6.32-642.6.1.el6
94292 - CentOS 6 : kernel (CESA-2016:2105) (Dirty COW)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es) :
* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)
Red Hat would like to thank Phil Oester for reporting this issue.
See Also
Solution
Update the affected kernel packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
| CVE | CVE-2016-5195 |
| XREF | OSVDB:146061 |
| XREF | RHSA:2016:2105 |
| XREF | IAVA:2016-A-0306 |
Exploitable with
CANVAS (true)
Core Impact (true)
Plugin Information:
Publication date: 2016/10/27, Modification date: 2017/01/16
Ports
tcp/0
Remote package installed : kernel-2.6.32-642.el6
Should be : kernel-2.6.32-642.6.2.el6
Remote package installed : kernel-firmware-2.6.32-642.el6
Should be : kernel-firmware-2.6.32-642.6.2.el6
Remote package installed : kernel-headers-2.6.32-642.el6
Should be : kernel-headers-2.6.32-642.6.2.el6
94740 - CentOS 5 / 6 / 7 : java-1.7.0-openjdk (CESA-2016:2658)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.
Security Fix(es) :
* It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. (CVE-2016-5582)
* It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP requests to the JDWP port of the debugged application. (CVE-2016-5573)
* It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm. (CVE-2016-5542)
Note: After this update, MD2 hash algorithm and RSA keys with less than 1024 bits are no longer allowed to be used for Jar integrity verification by default. MD5 hash algorithm is expected to be disabled by default in the future updates. A newly introduced security property jdk.jar.disabledAlgorithms can be used to control the set of disabled algorithms.
* A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554)
* A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication. (CVE-2016-5597)
Note: After this update, Basic HTTP proxy authentication can no longer be used when tunneling HTTPS connection through an HTTP proxy. Newly introduced system properties jdk.http.auth.proxying.disabledSchemes and jdk.http.auth.tunneling.disabledSchemes can be used to control which authentication schemes can be requested by an HTTP proxy when proxying HTTP and HTTPS connections respectively.
See Also
Solution
Update the affected java-1.7.0-openjdk packages.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.6 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/14, Modification date: 2016/11/28
Ports
tcp/0
Remote package installed : java-1.7.0-openjdk-1.7.0.99-2.6.5.1.el6
Should be : java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el6_8
94978 - CentOS 6 / 7 : policycoreutils (CESA-2016:2702)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for policycoreutils is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The policycoreutils packages contain the core policy utilities required to manage a SELinux environment.
Security Fix(es) :
* It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)
See Also
Solution
Update the affected policycoreutils packages.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.4 (CVSS:3.0/E:U/RL:U/RC:U)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.5 (CVSS2#E:U/RL:U/RC:UC)
References
Plugin Information:
Publication date: 2016/11/21, Modification date: 2017/01/23
Ports
tcp/0
Remote package installed : policycoreutils-2.0.83-29.el6
Should be : policycoreutils-2.0.83-30.1.el6_8
94980 - CentOS 6 : kernel (CESA-2016:2766)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es) :
* It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system. (CVE-2016-1583, Important)
* It was reported that on s390x, the fork of a process with four page table levels will cause memory corruption with a variety of symptoms. All processes are created with three level page table and a limit of 4TB for the address space. If the parent process has four page table levels with a limit of 8PB, the function that duplicates the address space will try to copy memory areas outside of the address space limit for the child process. (CVE-2016-2143, Moderate)
Bug Fix(es) :
* Use of a multi-threaded workload with high memory mappings sometimes caused a kernel panic, due to a race condition between the context switch and the pagetable upgrade. This update fixes the switch_mm() by using the complete asce parameter instead of the asce_bits parameter. As a result, the kernel no longer panics in the described scenario. (BZ#1377472)
* When iptables created the Transmission Control Protocol (TCP) reset packet, a kernel crash could occur due to uninitialized pointer to the TCP header within the Socket Buffer (SKB). This update fixes the transport header pointer in TCP reset for both IPv4 and IPv6, and the kernel no longer crashes in the described situation. (BZ#1372266)
* Previously, when the Enhanced Error Handling (EEH) mechanism did not block the PCI configuration space access and an error was detected, a kernel panic occurred. This update fixes EEH to fix this problem. As a result, the kernel no longer panics in the described scenario. (BZ#1379596)
* When the lockd service failed to start up completely, the notifier blocks were in some cases registered on a notification chain multiple times, which caused the occurrence of a circular list on the notification chain. Consequently, a soft lock-up or a kernel oops occurred. With this update, the notifier blocks are unregistered if lockd fails to start up completely, and the soft lock-ups or the kernel oopses no longer occur under the described circumstances. (BZ#1375637)
* When the Fibre Channel over Ethernet (FCoE) was configured, the FCoE MaxFrameSize parameter was incorrectly restricted to 1452. With this update, the NETIF_F_ALL_FCOE symbol is no longer ignored, which fixes this bug. MaxFrameSize is now restricted to 2112, which is the correct value. (BZ#1381592)
* When the fnic driver was installed on Cisco UCS Blade Server, the discs were under certain circumstances put into the offline state with the following error message: 'Medium access timeout failure. Offlining disk!'. This update fixes fnic to set the Small Computer System Interface (SCSI) status as DID_ABORT after a successful abort operation. As a result, the discs are no longer put into the offlined state in the described situation. (BZ#1382620)
See Also
Solution
Update the affected kernel packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:F/RL:X/RC:X)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.8 (CVSS2#E:F/RL:ND/RC:ND)
References
Plugin Information:
Publication date: 2016/11/21, Modification date: 2016/11/21
Ports
tcp/0
Remote package installed : kernel-2.6.32-642.el6
Should be : kernel-2.6.32-642.11.1.el6
Remote package installed : kernel-firmware-2.6.32-642.el6
Should be : kernel-firmware-2.6.32-642.11.1.el6
Remote package installed : kernel-headers-2.6.32-642.el6
Should be : kernel-headers-2.6.32-642.11.1.el6
94981 - CentOS 5 / 6 / 7 : nss / nss-util (CESA-2016:2779)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries.
The following packages have been upgraded to a newer upstream version: nss (3.12.3), nss-util (3.12.3).
Security Fix(es) :
* Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834)
* A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285)
* It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635)
Red Hat would like to thank the Mozilla project for reporting CVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the original reporter of CVE-2016-2834.
See Also
Solution
Update the affected nss and / or nss-util packages.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/21, Modification date: 2016/12/07
Ports
tcp/0
Remote package installed : nss-3.21.0-8.el6
Should be : nss-3.21.3-2.el6_8
Remote package installed : nss-sysinit-3.21.0-8.el6
Should be : nss-sysinit-3.21.3-2.el6_8
Remote package installed : nss-tools-3.21.0-8.el6
Should be : nss-tools-3.21.3-2.el6_8
Remote package installed : nss-util-3.21.0-2.el6
Should be : nss-util-3.21.3-1.el6_8
|
94982 - CentOS 5 / 6 : firefox (CESA-2016:2780) |
[-/+] |
Synopsis
The remote CentOS host is missing a security update.Description
An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290) * A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update. (CVE-2016-9064) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Abhishek Arya, Andre Bargull, Samuel Gross, Yuyang Zhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.See Also
Solution
Update the affected firefox package.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
| CVE | CVE-2016-5290 |
| CVE | CVE-2016-5291 |
| CVE | CVE-2016-5296 |
| CVE | CVE-2016-5297 |
| CVE | CVE-2016-9064 |
| CVE | CVE-2016-9066 |
| XREF | OSVDB:147338 |
| XREF | OSVDB:147342 |
| XREF | OSVDB:147343 |
| XREF | OSVDB:147345 |
| XREF | OSVDB:147352 |
| XREF | OSVDB:147375 |
| XREF | OSVDB:147376 |
| XREF | OSVDB:147377 |
| XREF | OSVDB:147378 |
| XREF | OSVDB:147379 |
| XREF | OSVDB:147380 |
| XREF | OSVDB:147381 |
| XREF | OSVDB:147382 |
| XREF | OSVDB:147383 |
| XREF | OSVDB:147384 |
| XREF | OSVDB:147385 |
| XREF | OSVDB:147386 |
| XREF | RHSA:2016:2780 |
Plugin Information:
Publication date: 2016/11/21, Modification date: 2016/12/05
Ports
tcp/0
Remote package installed : firefox-45.0.1-1.el6.centos
Should be : firefox-45.5.0-1.el6.centos

95373 - CentOS 6 / 7 : expat (CESA-2016:2824)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for expat is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Expat is a C library for parsing XML documents.
Security Fix(es) :
* An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-0718)
Red Hat would like to thank Gustavo Grieco for reporting this issue.
See Also
Solution
Update the affected expat packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/11/29, Modification date: 2016/12/07
Ports
tcp/0
Remote package installed : expat-2.0.1-11.el6_2
Should be : expat-2.0.1-13.el6_8

95484 - CentOS 5 / 6 / 7 : firefox (CESA-2016:2843)
Synopsis
The remote CentOS host is missing a security update.
Description
An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR.
Security Fix(es) :
* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079)
Red Hat would like to thank the Mozilla project for reporting this issue.
See Also
Solution
Update the affected firefox package.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Exploitable with
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2016/12/05, Modification date: 2017/01/24
Ports
tcp/0
Remote package installed : firefox-45.0.1-1.el6.centos
Should be : firefox-45.5.1-1.el6.centos

96004 - CentOS 5 / 6 / 7 : firefox (CESA-2016:2946)
Synopsis
The remote CentOS host is missing a security update.
Description
An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR.
Security Fix(es) :
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9893, CVE-2016-9899, CVE-2016-9895, CVE-2016-9897, CVE-2016-9898, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9904, CVE-2016-9905)
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Philipp, Wladimir Palant, Nils, Jann Horn, Aral, Andrew Krasichkov, insertscript, Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, and Boris Zbarsky as the original reporters.
See Also
Solution
Update the affected firefox package.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2016/12/20, Modification date: 2017/01/26
Ports
tcp/0
Remote package installed : firefox-45.0.1-1.el6.centos
Should be : firefox-45.6.0-1.el6.centos

96050 - CentOS 6 : gstreamer-plugins-good (CESA-2016:2975)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es) :
* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)
* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9807)
Note: This update removes the vulnerable FLC/FLI/FLX plug-in.
See Also
Solution
Update the affected gstreamer-plugins-good packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
6.2 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/12/22, Modification date: 2017/02/13
Ports
tcp/0
Remote package installed : gstreamer-plugins-good-0.10.23-3.el6
Should be : gstreamer-plugins-good-0.10.23-4.el6_8

96457 - CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2017:0061)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.
Security Fix(es) :
* It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. (CVE-2016-5582)
* It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP requests to the JDWP port of the debugged application. (CVE-2016-5573)
* It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm. (CVE-2016-5542) Note: After this update, MD2 hash algorithm and RSA keys with less than 1024 bits are no longer allowed to be used for Jar integrity verification by default. MD5 hash algorithm is expected to be disabled by default in the future updates. A newly introduced security property jdk.jar.disabledAlgorithms can be used to control the set of disabled algorithms.
* A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554)
* A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication. (CVE-2016-5597) Note: After this update, Basic HTTP proxy authentication can no longer be used when tunneling HTTPS connection through an HTTP proxy. Newly introduced system properties jdk.http.auth.proxying.disabledSchemes and jdk.http.auth.tunneling.disabledSchemes can be used to control which authentication schemes can be requested by an HTTP proxy when proxying HTTP and HTTPS connections respectively.
See Also
Solution
Update the affected java-1.6.0-openjdk packages.
Risk Factor
High
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.6 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2017/01/13, Modification date: 2017/01/17
Ports
tcp/0
Remote package installed : java-1.6.0-openjdk-1.6.0.38-1.13.10.4.el6
Should be : java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8

96813 - CentOS 5 / 6 / 7 : firefox (CESA-2017:0190)
Synopsis
The remote CentOS host is missing a security update.
Description
An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR.
Security Fix(es) :
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Muneaki Nishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.
See Also
Solution
Update the affected firefox package.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2017/01/27, Modification date: 2017/03/15
Ports
tcp/0
Remote package installed : firefox-45.0.1-1.el6.centos
Should be : firefox-45.7.0-2.el6.centos

96929 - CentOS 6 / 7 : libtiff (CESA-2017:0225)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for libtiff is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535)
* Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540, CVE-2016-9537, CVE-2016-9536)
See Also
Solution
Update the affected libtiff packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Publication date: 2017/02/02, Modification date: 2017/02/02
Ports
tcp/0
Remote package installed : libtiff-3.9.4-10.el6_5
Should be : libtiff-3.9.4-21.el6_8

97026 - CentOS 6 / 7 : ntp (CESA-2017:0252)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.
Security Fix(es) :
* It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426)
* A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. (CVE-2016-9310)
* A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a NULL pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311)
* A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source. (CVE-2016-7429)
* A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially crafted spoofed packet to cause denial of service or in some special cases even crash. (CVE-2016-7433)
See Also
Solution
Update the affected ntp packages.
Risk Factor
High
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
CVSS v3.0 Temporal Score
6.0 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
5.9 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
Plugin Information:
Publication date: 2017/02/07, Modification date: 2017/03/31
Ports
tcp/0
Remote package installed : ntp-4.2.6p5-10.el6.centos
Should be : ntp-4.2.6p5-10.el6.centos.2
Remote package installed : ntpdate-4.2.6p5-10.el6.centos
Should be : ntpdate-4.2.6p5-10.el6.centos.2

97305 - CentOS 6 / 7 : openssl (CESA-2017:0286)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es) :
* An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731)
* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)
See Also
Solution
Update the affected openssl packages.
Risk Factor
High
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2017/02/22, Modification date: 2017/02/27
Ports
tcp/0
Remote package installed : openssl-1.0.1e-48.el6
Should be : openssl-1.0.1e-48.el6_8.4

97330 - CentOS 6 : kernel (CESA-2017:0293)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es) :
* A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important)
See Also
Solution
Update the affected kernel packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2017/02/23, Modification date: 2017/03/07
Ports
tcp/0
Remote package installed : kernel-2.6.32-642.el6
Should be : kernel-2.6.32-642.13.2.el6
Remote package installed : kernel-firmware-2.6.32-642.el6
Should be : kernel-firmware-2.6.32-642.13.2.el6
Remote package installed : kernel-headers-2.6.32-642.el6
Should be : kernel-headers-2.6.32-642.13.2.el6

97472 - CentOS 6 : qemu-kvm (CESA-2017:0352)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Security Fix(es) :
* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process or potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620)
See Also
Solution
Update the affected qemu-kvm packages.
Risk Factor
High
CVSS Base Score
7.4 (CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
6.3 (CVSS2#E:U/RL:U/RC:C)
STIG Severity
I
References
| CVE | CVE-2017-2620 |
| XREF | OSVDB:152349 |
| XREF | RHSA:2017:0352 |
| XREF | IAVB:2017-B-0024 |
Plugin Information:
Publication date: 2017/03/02, Modification date: 2017/03/08
Ports
tcp/0
Remote package installed : qemu-guest-agent-0.12.1.2-2.491.el6
Should be : qemu-guest-agent-0.12.1.2-2.491.el6_8.7

97612 - CentOS 5 / 6 : firefox (CESA-2017:0459)
Synopsis
The remote CentOS host is missing a security update.
Description
An update for firefox is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR.
Security Fix(es) :
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.
See Also
Solution
Update the affected firefox package.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2017/03/09, Modification date: 2017/03/24
Ports
tcp/0
Remote package installed : firefox-45.0.1-1.el6.centos
Should be : firefox-45.8.0-2.el6.centos

97837 - CentOS 6 : openjpeg (CESA-2017:0559)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for openjpeg is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.
Security Fix(es) :
* Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)
* A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or, potentially, arbitrary code execution. (CVE-2016-9675)
The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security).
See Also
Solution
Update the affected openjpeg packages.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
6.1 (CVSS2#E:U/RL:ND/RC:UR)
References
Plugin Information:
Publication date: 2017/03/21, Modification date: 2017/03/28
Ports
tcp/0
Remote package installed : openjpeg-libs-1.3-11.el6
Should be : openjpeg-libs-1.3-16.el6_8

97951 - CentOS 6 : gnutls (CESA-2017:0574)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for gnutls is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (2.12.23). (BZ#1321112, BZ#1326073, BZ#1415682, BZ#1326389)
Security Fix(es) :
* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)
* Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337)
Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
See Also
Solution
Update the affected gnutls packages. Note that the updated packages may not be immediately available from the package repository and its mirrors.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2017/03/27, Modification date: 2017/03/28
Ports
tcp/0
Remote package installed : gnutls-2.8.5-19.el6_7
Should be : gnutls-2.12.23-21.el6

97955 - CentOS 6 : openssh (CESA-2017:0641)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for openssh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es) :
* It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root. (CVE-2015-8325)
Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
See Also
Solution
Update the affected openssh packages. Note that the updated packages may not be immediately available from the package repository and its mirrors.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
References
Plugin Information:
Publication date: 2017/03/27, Modification date: 2017/03/27
Ports
tcp/0
Remote package installed : openssh-5.3p1-117.el6
Should be : openssh-5.3p1-122.el6
Remote package installed : openssh-askpass-5.3p1-117.el6
Should be : openssh-askpass-5.3p1-122.el6
Remote package installed : openssh-clients-5.3p1-117.el6
Should be : openssh-clients-5.3p1-122.el6
Remote package installed : openssh-server-5.3p1-117.el6
Should be : openssh-server-5.3p1-122.el6

97958 - CentOS 6 : glibc (CESA-2017:0680)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for glibc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
Security Fix(es) :
* A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code. (CVE-2014-9761)
* It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure. (CVE-2015-8776)
* An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution. (CVE-2015-8778)
* A stack based buffer overflow vulnerability was found in the catopen() function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code. (CVE-2015-8779)
Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
See Also
Solution
Update the affected glibc packages. Note that the updated packages may not be immediately available from the package repository and its mirrors.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Publication date: 2017/03/27, Modification date: 2017/03/27
Ports
tcp/0
Remote package installed : glibc-2.12-1.192.el6
Should be : glibc-2.12-1.209.el6
Remote package installed : glibc-common-2.12-1.192.el6
Should be : glibc-common-2.12-1.209.el6
Remote package installed : glibc-devel-2.12-1.192.el6
Should be : glibc-devel-2.12-1.209.el6
Remote package installed : glibc-headers-2.12-1.192.el6
Should be : glibc-headers-2.12-1.209.el6

97959 - CentOS 6 : bash (CESA-2017:0725)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for bash is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.
Security Fix(es) :
* An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. (CVE-2016-0634)
* An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances. (CVE-2016-7543)
* A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session. (CVE-2016-9401)
Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
See Also
Solution
Update the affected bash packages. Note that the updated packages may not be immediately available from the package repository and its mirrors.Risk Factor
HighCVSS v3.0 Base Score
8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)References
Plugin Information:
Publication date: 2017/03/27, Modification date: 2017/03/27Ports
tcp/0
Remote package installed : bash-4.1.2-40.el6 Should be : bash-4.1.2-48.el6
97962 - CentOS 6 : kernel (CESA-2017:0817)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es) :
* It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946. (CVE-2016-10142, Moderate)
* A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table). (CVE-2016-2069, Moderate)
* A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value. (CVE-2016-6480, Moderate)
* It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042, Moderate)
* It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications. (CVE-2016-7097, Moderate)
* A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)
* It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device. (CVE-2016-9576, CVE-2016-10088, Moderate)
* A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges. (CVE-2016-2384, Low)
The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE).
Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
See Also
Solution
Update the affected kernel packages. Note that the updated packages may not be immediately available from the package repository and its mirrors.
Risk Factor
High
CVSS v3.0 Base Score
8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
References
Plugin Information:
Publication date: 2017/03/27, Modification date: 2017/03/27
Ports
tcp/0
Remote package installed : kernel-2.6.32-642.el6
Should be : kernel-2.6.32-696.el6
Remote package installed : kernel-firmware-2.6.32-642.el6
Should be : kernel-firmware-2.6.32-696.el6
Remote package installed : kernel-headers-2.6.32-642.el6
Should be : kernel-headers-2.6.32-696.el6
91394 - CentOS 6 / 7 : ntp (CESA-2016:1141)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.
Security Fix(es) :
* It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)
* A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time. (CVE-2016-1547)
* It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client. (CVE-2016-1548)
* A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest. (CVE-2016-1550)
* An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash. (CVE-2016-2518)
The CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).
See Also
Solution
Update the affected ntp packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVSS Temporal Score
4.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/06/01, Modification date: 2017/02/13
Ports
tcp/0
Remote package installed : ntp-4.2.6p5-10.el6.centos
Should be : ntp-4.2.6p5-10.el6.centos.1
Remote package installed : ntpdate-4.2.6p5-10.el6.centos
Should be : ntpdate-4.2.6p5-10.el6.centos.1
91635 - CentOS 5 / 6 / 7 : firefox (CESA-2016:1217)
Synopsis
The remote CentOS host is missing a security update.
Description
An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR.
Security Fix(es) :
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822, CVE-2016-2828, CVE-2016-2831)
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges sushi Anton Larsson, firehack, Jordi Chancel, Christian Holler, Sylvestre Ledru, Tyson Smith, jomo, Jesse Ruderman, Julian Seward, Timothy Nikkel, Karl Tomlinson, Olli Pettay, and Gary Kwong as the original reporters.
See Also
Solution
Update the affected firefox package.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
CVE : CVE-2016-2818
CVE : CVE-2016-2819
CVE : CVE-2016-2821
CVE : CVE-2016-2822
CVE : CVE-2016-2828
CVE : CVE-2016-2831
XREF : OSVDB:139436
XREF : OSVDB:139437
XREF : OSVDB:139438
XREF : OSVDB:139439
XREF : OSVDB:139440
XREF : OSVDB:139441
XREF : OSVDB:139442
XREF : OSVDB:139443
XREF : OSVDB:139444
XREF : OSVDB:139445
XREF : OSVDB:139446
XREF : OSVDB:139447
XREF : OSVDB:139448
XREF : OSVDB:139455
XREF : OSVDB:139456
XREF : OSVDB:139457
XREF : OSVDB:139461
XREF : OSVDB:139463
XREF : RHSA:2016:1217
Plugin Information:
Publication date: 2016/06/17, Modification date: 2016/11/17
Ports
tcp/0
Remote package installed : firefox-45.0.1-1.el6.centos
Should be : firefox-45.2.0-1.el6.centos
92378 - CentOS 5 / 6 : httpd (CESA-2016:1421) (httpoxy)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for httpd is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es) :
* It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5387)
Note: After this update, httpd will no longer pass the value of the Proxy request header to scripts via the HTTP_PROXY environment variable.
Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.
See Also
Solution
Update the affected httpd packages.
Risk Factor
Medium
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.4 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
4.2 (CVSS2#E:F/RL:OF/RC:ND)
STIG Severity
I
References
CVE : CVE-2016-5387
XREF : OSVDB:141669
XREF : RHSA:2016:1421
XREF : IAVA:2017-A-0010
Plugin Information:
Publication date: 2016/07/19, Modification date: 2017/01/16
Ports
tcp/0
Remote package installed : httpd-2.2.15-53.el6.centos
Should be : httpd-2.2.15-54.el6.centos
Remote package installed : httpd-tools-2.2.15-53.el6.centos
Should be : httpd-tools-2.2.15-54.el6.centos
92567 - CentOS 6 : samba4 (CESA-2016:1487)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.
Security Fix(es) :
* A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server. (CVE-2016-2119)
Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher as the original reporter.
See Also
Solution
Update the affected samba4 packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/07/27, Modification date: 2016/12/27
Ports
tcp/0
Remote package installed : samba4-libs-4.2.10-6.el6_7
Should be : samba4-libs-4.2.10-7.el6_8
92826 - CentOS 6 : qemu-kvm (CESA-2016:1585)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM.
Security Fix(es) :
* Quick emulator (Qemu) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation on the host controlled by the guest. (CVE-2016-5403)
Red Hat would like to thank hongzhenhao (Marvel Team) for reporting this issue.
See Also
Solution
Update the affected qemu-kvm packages.
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
5.3 (CVSS:3.0/E:F/RL:X/RC:X)
CVSS Base Score
4.9 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
4.7 (CVSS2#E:F/RL:ND/RC:ND)
References
Plugin Information:
Publication date: 2016/08/10, Modification date: 2016/11/17
Ports
tcp/0
Remote package installed : qemu-guest-agent-0.12.1.2-2.491.el6
Should be : qemu-guest-agent-0.12.1.2-2.491.el6_8.3
93029 - CentOS 6 / 7 : python (CESA-2016:1626) (httpoxy)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for python is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es) :
* It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110)
* It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. (CVE-2016-0772)
* It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values. (CVE-2016-5699)
Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-1000110.
See Also
Solution
Update the affected python packages.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/08/19, Modification date: 2016/12/21
Ports
tcp/0
Remote package installed : python-2.6.6-64.el6
Should be : python-2.6.6-66.el6_8
Remote package installed : python-libs-2.6.6-64.el6
Should be : python-libs-2.6.6-66.el6_8
93099 - CentOS 6 : kernel (CESA-2016:1664)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es) :
It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network. (CVE-2016-5696, Important)
Red Hat would like to thank Yue Cao (Cyber Security Group of the CS department of University of California in Riverside) for reporting this issue.
Bug Fix(es) :
* When loading the Direct Rendering Manager (DRM) kernel module, the kernel panicked if DRM was previously unloaded. The kernel panic was caused by a memory leak of the ID Resolver (IDR2). With this update, IDR2 is loaded during kernel boot, and the kernel panic no longer occurs in the described scenario. (BZ#1353827)
* When more than one process attempted to use the 'configfs' directory entry at the same time, a kernel panic in some cases occurred. With this update, a race condition between a directory entry and a lookup operation has been fixed. As a result, the kernel no longer panics in the described scenario. (BZ#1353828)
* When shutting down the system by running the halt -p command, a kernel panic occurred due to a conflict between the kernel offlining CPUs and the sched command, which used the sched group and the sched domain data without first checking the data. The underlying source code has been fixed by adding a check to avoid the conflict. As a result, the described scenario no longer results in a kernel panic. (BZ#1343894)
* In some cases, running the ipmitool command caused a kernel panic due to a race condition in the ipmi message handler. This update fixes the race condition, and the kernel panic no longer occurs in the described scenario. (BZ#1355980)
* Previously, multiple Very Secure FTP daemon (vsftpd) processes on a directory with a large number of files led to a high contention rate on each inode's spinlock, which caused excessive CPU usage. With this update, a spinlock to protect a single memory-to-memory copy has been removed from the ext4_getattr() function. As a result, system CPU usage has been reduced and is no longer excessive in the described situation. (BZ#1355981)
* When the gfs2_grow utility is used to extend Global File System 2 (GFS2), the next block allocation causes the GFS2 kernel module to re-read its resource group index. If multiple processes in the GFS2 module raced to do the same thing, one process sometimes overwrote a valid object pointer with an invalid pointer, which caused either a kernel panic or a file system corruption. This update ensures that the resource group object pointer is not overwritten. As a result, neither kernel panic nor file system corruption occur in the described scenario. (BZ#1347539)
* Previously, the SCSI Remote Protocol over InfiniBand (IB-SRP) was disabled due to a bug in the srp_queue() function. As a consequence, an attempt to enable the Remote Direct Memory Access (RDMA) at boot caused the kernel to crash. With this update, srp_queue() has been fixed, and the system now boots as expected when RDMA is enabled. (BZ#1348062)
Enhancement(s) :
* This update optimizes the efficiency of the Transmission Control Protocol (TCP) when the peer is using a window under 537 bytes in size. As a result, devices that use maximum segment size (MSS) of 536 bytes or fewer will experience improved network performance. (BZ#1354446)
See Also
Solution
Update the affected kernel packages.
Risk Factor
Medium
CVSS v3.0 Base Score
4.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
CVSS v3.0 Temporal Score
4.4 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score
4.8 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/08/25, Modification date: 2016/11/29
Ports
tcp/0
Remote package installed : kernel-2.6.32-642.el6
Should be : kernel-2.6.32-642.4.2.el6
Remote package installed : kernel-firmware-2.6.32-642.el6
Should be : kernel-firmware-2.6.32-642.4.2.el6
Remote package installed : kernel-headers-2.6.32-642.el6
Should be : kernel-headers-2.6.32-642.4.2.el6
93129 - CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2016:1776)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.
Security Fix(es) :
* An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw to completely bypass Java sandbox restrictions. (CVE-2016-3606)
* Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508)
* Multiple flaws were found in the CORBA and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)
See Also
Solution
Update the affected java-1.6.0-openjdk packages.
Risk Factor
Medium
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/08/29, Modification date: 2016/11/29
Ports
tcp/0
Remote package installed : java-1.6.0-openjdk-1.6.0.38-1.13.10.4.el6
Should be : java-1.6.0-openjdk-1.6.0.40-1.13.12.6.el6_8
93318 - CentOS 6 / 7 : ipa (CESA-2016:1797)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for ipa is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
Security Fix(es) :
* An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the 'retrieve certificate' permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack. (CVE-2016-5404)
This issue was discovered by Fraser Tweedale (Red Hat).
See Also
Solution
Update the affected ipa packages.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.0 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score
3.3 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/09/06, Modification date: 2016/11/17
Ports
tcp/0
Remote package installed : ipa-client-3.0.0-50.el6.centos.1
Should be : ipa-client-3.0.0-50.el6.centos.2
Remote package installed : ipa-python-3.0.0-50.el6.centos.1
Should be : ipa-python-3.0.0-50.el6.centos.2
93542 - CentOS 6 : libarchive (CESA-2016:1850)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for libarchive is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.
Security Fix(es) :
* A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. (CVE-2016-5418)
* Multiple out-of-bounds read flaws were found in libarchive. Specially crafted AR or MTREE files could cause the application to read data out of bounds, potentially disclosing a small amount of application memory, or causing an application crash. (CVE-2015-8920, CVE-2015-8921)
* A denial of service vulnerability was found in libarchive's handling of GZIP streams. A crafted GZIP file could cause libarchive to allocate an excessive amount of memory, eventually leading to a crash. (CVE-2016-7166)
* A denial of service vulnerability was found in libarchive. A specially crafted CPIO archive containing a symbolic link to a large target path could cause memory allocation to fail, causing an application using libarchive that attempted to view or extract such archive to crash. (CVE-2016-4809)
* Multiple instances of undefined behavior due to arithmetic overflow were found in libarchive. Specially crafted Compress streams or ISO9660 volumes could potentially cause the application to fail to read the archive, or to crash. (CVE-2015-8932, CVE-2016-5844)
Red Hat would like to thank Insomnia Security for reporting CVE-2016-5418.
See Also
Solution
Update the affected libarchive packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/09/16, Modification date: 2016/11/17
Ports
tcp/0
Remote package installed : libarchive-2.8.3-4.el6_2
Should be : libarchive-2.8.3-7.el6_8
94202 - CentOS 5 / 6 : bind (CESA-2016:2093)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for bind is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es) :
* A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet. (CVE-2016-2848)
See Also
Solution
Update the affected bind packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/10/24, Modification date: 2016/11/17
Ports
tcp/0
Remote package installed : bind-libs-9.8.2-0.47.rc1.el6
Should be : bind-libs-9.8.2-0.47.rc1.el6_8.2
Remote package installed : bind-utils-9.8.2-0.47.rc1.el6
Should be : bind-utils-9.8.2-0.47.rc1.el6_8.2
94471 - CentOS 5 / 6 : bind (CESA-2016:2141)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for bind is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es) :
* A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864)
Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters.
See Also
Solution
Update the affected bind packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/03, Modification date: 2017/01/23
Ports
tcp/0
Remote package installed : bind-libs-9.8.2-0.47.rc1.el6
Should be : bind-libs-9.8.2-0.47.rc1.el6_8.3
Remote package installed : bind-utils-9.8.2-0.47.rc1.el6
Should be : bind-utils-9.8.2-0.47.rc1.el6_8.3
94741 - CentOS 6 / 7 : libgcrypt (CESA-2016:2674)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for libgcrypt is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.
Security Fix(es) :
* A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. (CVE-2016-6313)
Red Hat would like to thank Felix Dorre and Vladimir Klebanov for reporting this issue.
See Also
Solution
Update the affected libgcrypt packages.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
4.9 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/11/14, Modification date: 2016/12/27
Ports
tcp/0
Remote package installed : libgcrypt-1.4.5-11.el6_4
Should be : libgcrypt-1.4.5-12.el6_8
95577 - CentOS 6 / 7 : sudo (CESA-2016:2872)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es) :
* It was discovered that the sudo noexec restriction could have been bypassed if an application run via sudo executed the system(), popen(), or wordexp() C library functions with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could use these flaws to execute arbitrary commands with elevated privileges. (CVE-2016-7032, CVE-2016-7076)
These issues were discovered by Florian Weimer (Red Hat).
See Also
Solution
Update the affected sudo packages.
Risk Factor
Medium
CVSS Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.7 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2016/12/07, Modification date: 2016/12/08
Ports
tcp/0
Remote package installed : sudo-1.8.6p3-24.el6
Should be : sudo-1.8.6p3-25.el6_8
96048 - CentOS 6 / 7 : vim (CESA-2016:2972)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for vim is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Vim (Vi IMproved) is an updated and improved version of the vi editor.
Security Fix(es) :
* A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim. (CVE-2016-1248)
See Also
Solution
Update the affected vim packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2016/12/22, Modification date: 2016/12/27
Ports
tcp/0
Remote package installed : vim-common-7.4.629-5.el6
Should be : vim-common-7.4.629-5.el6_8.1
Remote package installed : vim-enhanced-7.4.629-5.el6
Should be : vim-enhanced-7.4.629-5.el6_8.1
Remote package installed : vim-filesystem-7.4.629-5.el6
Should be : vim-filesystem-7.4.629-5.el6_8.1
Remote package installed : vim-minimal-7.4.629-5.el6
Should be : vim-minimal-7.4.629-5.el6_8.1
96049 - CentOS 6 : gstreamer-plugins-bad-free (CESA-2016:2974)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer.
Security Fix(es) :
* An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9445)
* A memory corruption flaw was found in GStreamer's Nintendo NSF music file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9447)
Note: This update removes the vulnerable Nintendo NSF plug-in.
See Also
Solution
Update the affected gstreamer-plugins-bad-free packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
6.5 (CVSS2#E:F/RL:U/RC:ND)
References
Plugin Information:
Publication date: 2016/12/22, Modification date: 2017/01/31
Ports
tcp/0
Remote package installed : gstreamer-plugins-bad-free-0.10.19-3.el6_5
Should be : gstreamer-plugins-bad-free-0.10.19-5.el6_8
96286 - CentOS 6 : ghostscript (CESA-2017:0014)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for ghostscript is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
Security Fix(es) :
* It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variables, list directories and retrieve file content, respectively, from the target. (CVE-2013-5653, CVE-2016-7977)
* It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash or code execution in the context of the gs process. (CVE-2016-7979)
* It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process. (CVE-2016-8602)
See Also
Solution
Update the affected ghostscript packages.
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.1 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2017/01/05, Modification date: 2017/03/13
Ports
tcp/0
Remote package installed : ghostscript-8.70-21.el6
Should be : ghostscript-8.70-21.el6_8.1
96568 - CentOS 5 / 6 : bind (CESA-2017:0063)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for bind is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es) :
* A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9147)
Red Hat would like to thank ISC for reporting this issue.
See Also
Solution
Update the affected bind packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2017/01/18, Modification date: 2017/02/21
Ports
tcp/0
Remote package installed : bind-libs-9.8.2-0.47.rc1.el6
Should be : bind-libs-9.8.2-0.47.rc1.el6_8.4
Remote package installed : bind-utils-9.8.2-0.47.rc1.el6
Should be : bind-utils-9.8.2-0.47.rc1.el6_8.4
97134 - CentOS 5 / 6 / 7 : java-1.7.0-openjdk (CESA-2017:0269)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.
Security Fix(es) :
* It was discovered that the RMI registry and DGC implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241) This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DGC. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties.
* Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289)
* A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548)
* It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept a signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546)
* It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253)
* It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547)
* It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252)
* It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker-supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552)
* Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231)
* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.
See Also
Solution
Update the affected java-1.7.0-openjdk packages.
Risk Factor
Medium
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2017/02/14, Modification date: 2017/02/16
Ports
tcp/0
Remote package installed : java-1.7.0-openjdk-1.7.0.99-2.6.5.1.el6
Should be : java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el6_8
97957 - CentOS 6 : samba (CESA-2017:0662)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.
Security Fix(es) :
* It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125)
* A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126)
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
See Also
Solution
Update the affected samba packages.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2017/03/27, Modification date: 2017/03/31
Ports
tcp/0
Remote package installed : libsmbclient-3.6.23-33.el6
Should be : libsmbclient-3.6.23-41.el6
Remote package installed : samba-client-3.6.23-33.el6
Should be : samba-client-3.6.23-41.el6
Remote package installed : samba-common-3.6.23-33.el6
Should be : samba-common-3.6.23-41.el6
Remote package installed : samba-winbind-3.6.23-33.el6
Should be : samba-winbind-3.6.23-41.el6
Remote package installed : samba-winbind-clients-3.6.23-33.el6
Should be : samba-winbind-clients-3.6.23-41.el6
97960 - CentOS 6 : samba4 (CESA-2017:0744)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.
Security Fix(es) :
* It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125)
* A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126)
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
See Also
Solution
Update the affected samba4 packages.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2017/03/27, Modification date: 2017/03/31
Ports
tcp/0
Remote package installed : samba4-libs-4.2.10-6.el6_7
Should be : samba4-libs-4.2.10-9.el6
97390 - CentOS 6 : qemu-kvm (CESA-2017:0309)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Security Fix(es) :
* Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on the host with privileges of Qemu process on the host. (CVE-2017-2615)
* An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service). (CVE-2016-2857)
Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615 and Ling Liu (Qihoo 360 Inc.) for reporting CVE-2016-2857.
This update also fixes the following bug :
* Previously, rebooting a guest virtual machine more than 128 times in a short period of time caused the guest to shut down instead of rebooting, because the virtqueue was not cleaned properly. This update ensures that the virtqueue is cleaned more reliably, which prevents the described problem from occurring. (BZ#1408389)
All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
See Also
Solution
Update the affected qemu-kvm packages.
Risk Factor
Low
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
CVSS Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
1.9 (CVSS2#E:POC/RL:U/RC:ND)
STIG Severity
I
References
Plugin Information:
Publication date: 2017/02/27, Modification date: 2017/02/28
Ports
tcp/0
Remote package installed : qemu-guest-agent-0.12.1.2-2.491.el6
Should be : qemu-guest-agent-0.12.1.2-2.491.el6_8.6
97952 - CentOS 6 : qemu-kvm (CESA-2017:0621)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Security Fix(es) :
* An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers while in VBE mode. A privileged guest user could use this flaw to crash the QEMU process instance. (CVE-2016-3712)
Red Hat would like to thank Zuozhi Fzz (Alibaba Inc.) for reporting this issue.
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
See Also
Solution
Update the affected qemu-kvm packages.
Risk Factor
Low
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
1.6 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information:
Publication date: 2017/03/27, Modification date: 2017/03/28
Ports
tcp/0
Remote package installed : qemu-guest-agent-0.12.1.2-2.491.el6
Should be : qemu-guest-agent-0.12.1.2-2.503.el6
97956 - CentOS 6 : coreutils (CESA-2017:0654)
Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for coreutils is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages.
Security Fix(es) :
* A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. (CVE-2017-2616)
Red Hat would like to thank Tobias Stockmann for reporting this issue.
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
See Also
Solution
Update the affected coreutils packages.
Risk Factor
Low
CVSS Base Score
1.9 (CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
1.6 (CVSS2#E:F/RL:OF/RC:ND)
References
Plugin Information:
Publication date: 2017/03/27, Modification date: 2017/03/28
Ports
tcp/0
Remote package installed : coreutils-8.4-43.el6
Should be : coreutils-8.4-46.el6
Remote package installed : coreutils-libs-8.4-43.el6
Should be : coreutils-libs-8.4-46.el6
12634 - Authenticated Check : OS Name and Installed Package Enumeration
Synopsis
This plugin gathers information about the remote host via an authenticated session.
Description
This plugin logs into the remote host using SSH, RSH, RLOGIN, Telnet, or local commands and extracts the list of installed packages. If using SSH, the scan should be configured with a valid SSH public key and possibly an SSH passphrase (if the SSH public key is protected by a passphrase).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/07/06, Modification date: 2017/04/10
Ports
tcp/0
It was possible to log into the remote host using the supplied password.
The output of "uname -a" is :
Linux trooper 2.6.32-642.el6.x86_64 #1 SMP Tue May 10 17:27:01 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
The remote CentOS system is :
CentOS release 6.8 (Final)
Local security checks have been enabled for this host.
19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2017/02/24
Ports
tcp/0
Information about this scan :
Nessus version : 6.10.4
Plugin feed version : 201704110615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Credentialed Patch Audit
Scanner IP : 10.1.1.112
Port scanner(s) : netstat
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as 'troposman' via ssh
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2017/4/12 1:02 W. Europe Standard Time
Scan duration : 299 sec
66334 - Patch Report
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information:
Publication date: 2013/07/08, Modification date: 2017/03/14
Ports
tcp/0
. You need to take the following 32 actions :
[ CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2017:0061) (96457) ]
+ Action to take : Update the affected java-1.6.0-openjdk packages.
+Impact : Taking this action will resolve 15 different vulnerabilities (CVEs).
[ CentOS 5 / 6 / 7 : java-1.7.0-openjdk (CESA-2017:0269) (97134) ]
+ Action to take : Update the affected java-1.7.0-openjdk packages.
+Impact : Taking this action will resolve 28 different vulnerabilities (CVEs).
[ CentOS 5 / 6 / 7 : nss / nss-util (CESA-2016:2779) (94981) ]
+ Action to take : Update the affected nss and / or nss-util packages.
+Impact : Taking this action will resolve 3 different vulnerabilities (CVEs).
[ CentOS 5 / 6 : bind (CESA-2017:0063) (96568) ]
+ Action to take : Update the affected bind packages.
+Impact : Taking this action will resolve 4 different vulnerabilities (CVEs).
[ CentOS 5 / 6 : firefox (CESA-2017:0459) (97612) ]
+ Action to take : Update the affected firefox package.
+Impact : Taking this action will resolve 70 different vulnerabilities (CVEs).
[ CentOS 5 / 6 : httpd (CESA-2016:1421) (httpoxy) (92378) ]
+ Action to take : Update the affected httpd packages.
[ CentOS 6 / 7 : expat (CESA-2016:2824) (95373) ]
+ Action to take : Update the affected expat packages.
[ CentOS 6 / 7 : ipa (CESA-2016:1797) (93318) ]
+ Action to take : Update the affected ipa packages.
[ CentOS 6 / 7 : libgcrypt (CESA-2016:2674) (94741) ]
+ Action to take : Update the affected libgcrypt packages.
[ CentOS 6 / 7 : libtiff (CESA-2017:0225) (96929) ]
+ Action to take : Update the affected libtiff packages.
+Impact : Taking this action will resolve 27 different vulnerabilities (CVEs).
[ CentOS 6 / 7 : libxml2 (CESA-2016:1292) (91786) ]
+ Action to take : Update the affected libxml2 packages.
+Impact : Taking this action will resolve 14 different vulnerabilities (CVEs).
[ CentOS 6 / 7 : ntp (CESA-2017:0252) (97026) ]
+ Action to take : Update the affected ntp packages.
+Impact : Taking this action will resolve 10 different vulnerabilities (CVEs).
[ CentOS 6 / 7 : openssl (CESA-2017:0286) (97305) ]
+ Action to take : Update the affected openssl packages.
+Impact : Taking this action will resolve 11 different vulnerabilities (CVEs).
[ CentOS 6 / 7 : policycoreutils (CESA-2016:2702) (94978) ]
+ Action to take : Update the affected policycoreutils packages.
[ CentOS 6 / 7 : python (CESA-2016:1626) (httpoxy) (93029) ]
+ Action to take : Update the affected python packages.
[ CentOS 6 / 7 : sudo (CESA-2016:2872) (95577) ]
+ Action to take : Update the affected sudo packages.
+Impact : Taking this action will resolve 2 different vulnerabilities (CVEs).
[ CentOS 6 / 7 : vim (CESA-2016:2972) (96048) ]
+ Action to take : Update the affected vim packages.
[ CentOS 6 : bash (CESA-2017:0725) (97959) ]
+ Action to take : Update the affected bash packages. Note that the updated packages may not be immediately available from the package repository and its mirrors.
+Impact : Taking this action will resolve 3 different vulnerabilities (CVEs).
[ CentOS 6 : coreutils (CESA-2017:0654) (97956) ]
+ Action to take : Update the affected coreutils packages.
[ CentOS 6 : ghostscript (CESA-2017:0014) (96286) ]
+ Action to take : Update the affected ghostscript packages.
+Impact : Taking this action will resolve 4 different vulnerabilities (CVEs).
[ CentOS 6 : glibc (CESA-2017:0680) (97958) ]
+ Action to take : Update the affected glibc packages. Note that the updated packages may not be immediately available from the package repository and its mirrors.
+Impact : Taking this action will resolve 4 different vulnerabilities (CVEs).
[ CentOS 6 : gnutls (CESA-2017:0574) (97951) ]
+ Action to take : Update the affected gnutls packages. Note that the updated packages may not be immediately available from the package repository and its mirrors.
+Impact : Taking this action will resolve 4 different vulnerabilities (CVEs).
[ CentOS 6 : gstreamer-plugins-bad-free (CESA-2016:2974) (96049) ]
+ Action to take : Update the affected gstreamer-plugins-bad-free packages.
+Impact : Taking this action will resolve 2 different vulnerabilities (CVEs).
[ CentOS 6 : gstreamer-plugins-good (CESA-2016:2975) (96050) ]
+ Action to take : Update the affected gstreamer-plugins-good packages.
+Impact : Taking this action will resolve 5 different vulnerabilities (CVEs).
[ CentOS 6 : kernel (CESA-2017:0817) (97962) ]
+ Action to take : Update the affected kernel packages. Note that the updated packages may not be immediately available from the package repository and its mirrors.
+Impact : Taking this action will resolve 22 different vulnerabilities (CVEs).
[ CentOS 6 : libarchive (CESA-2016:1850) (93542) ]
+ Action to take : Update the affected libarchive packages.
+Impact : Taking this action will resolve 7 different vulnerabilities (CVEs).
[ CentOS 6 : mysql (CESA-2017:0184) (96812) ]
+ Action to take : Update the affected mysql packages.
+Impact : Taking this action will resolve 3 different vulnerabilities (CVEs).
[ CentOS 6 : openjpeg (CESA-2017:0559) (97837) ]
+ Action to take : Update the affected openjpeg packages.
+Impact : Taking this action will resolve 6 different vulnerabilities (CVEs).
[ CentOS 6 : openssh (CESA-2017:0641) (97955) ]
+ Action to take : Update the affected openssh packages. Note that the updated packages may not be immediately available from the package repository and its mirrors.
[ CentOS 6 : qemu-kvm (CESA-2017:0621) (97952) ]
+ Action to take : Update the affected qemu-kvm packages.
+Impact : Taking this action will resolve 6 different vulnerabilities (CVEs).
[ CentOS 6 : samba (CESA-2017:0662) (97957) ]
+ Action to take : Update the affected samba packages.
+Impact : Taking this action will resolve 2 different vulnerabilities (CVEs).
[ CentOS 6 : samba4 (CESA-2017:0744) (97960) ]
+ Action to take : Update the affected samba4 packages.
+Impact : Taking this action will resolve 3 different vulnerabilities (CVEs).
22/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/22
Port 22/tcp was found to be open
111/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/111
Port 111/udp was found to be open
162/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/162
Port 162/udp was found to be open
631/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/631
Port 631/udp was found to be open
699/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/699
Port 699/udp was found to be open
3306/tcp
10719 - MySQL Server Detection
Synopsis
A database server is listening on the remote port.
Description
The remote host is running MySQL, an open source database server.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/13, Modification date: 2013/01/07
Ports
tcp/3306
Version : 4.1.23-pro
Protocol : 10
Server Status : SERVER_STATUS_AUTOCOMMIT
Server Capabilities :
CLIENT_LONG_FLAG (Get all column flags)
CLIENT_CONNECT_WITH_DB (One can specify db on connect)
CLIENT_COMPRESS (Can use compression protocol)
CLIENT_PROTOCOL_41 (New 4.1 protocol)
CLIENT_TRANSACTIONS (Client knows about transactions)
CLIENT_SECURE_CONNECTION (New 4.1 authentication)
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/3306
Port 3306/tcp was found to be open
5000/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/5000
Port 5000/tcp was found to be open
8009/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/8009
Port 8009/tcp was found to be open
8443/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/8443
Port 8443/tcp was found to be open
39317/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/39317
Port 39317/tcp was found to be open
43244/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/43244
Port 43244/udp was found to be open
57852/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
udp/57852
Port 57852/udp was found to be open
59654/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/59654
Port 59654/tcp was found to be open
10.1.1.115
Scan Information
| Start time: | Wed Apr 12 01:02:52 2017 |
| End time: | Wed Apr 12 01:05:11 2017 |
Host Information
| OS: | Linux Kernel 3.10, Linux Kernel 3.13, Linux Kernel 4.2, Linux Kernel 4.8 |
Results Summary
| Critical | High | Medium | Low | Info | Total |
| 0 | 0 | 1 | 0 | 16 | 17 |
Results Details
0/tcp
19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2017/02/24
Ports
tcp/0
Information about this scan :
Nessus version : 6.10.4
Plugin feed version : 201704110615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Credentialed Patch Audit
Scanner IP : 10.1.1.112
Port scanner(s) : nessus_syn_scanner
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2017/4/12 1:02 W. Europe Standard Time
Scan duration : 135 sec
21745 - Authentication Failure - Local Checks Not Run
Synopsis
The local security checks are disabled.
Description
Local security checks have been disabled for this host because either the credentials supplied in the scan policy did not allow Nessus to log into it or some other problem occurred.
Solution
Address the problem(s) so that local security checks are enabled.
Risk Factor
None
Plugin Information:
Publication date: 2006/06/23, Modification date: 2014/11/10
Ports
tcp/0
- SSH was unable to login with any supplied credentials.
22/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/22
Port 22/tcp was found to be open
80/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/80
Port 80/tcp was found to be open
514/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/514
Port 514/tcp was found to be open
2379/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/2379
Port 2379/tcp was found to be open
3333/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/3333
Port 3333/tcp was found to be open
4001/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/4001
Port 4001/tcp was found to be open
9000/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/9000
Port 9000/tcp was found to be open
9200/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/9200
Port 9200/tcp was found to be open
9300/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/9300
Port 9300/tcp was found to be open
9350/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/9350
Port 9350/tcp was found to be open
12201/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/12201
Port 12201/tcp was found to be open
27017/tcp
81777 - MongoDB Service Without Authentication Detection
Synopsis
The remote host is running a database system that does not have authentication enabled.
Description
MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without any authentication. A remote attacker can therefore connect to the database system in order to create, read, update, and delete documents, collections, and databases.
Solution
Enable authentication or restrict access to the MongoDB service.
Risk Factor
Medium
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information:
Publication date: 2015/03/12, Modification date: 2015/09/24
Ports
tcp/27017
Nessus was able to run the following database query on the remote MongoDB service without authenticating since authentication is not enabled:
local.startup_log.findOne();
This produced a response document with the following truncated contents: (limited to 10 lines)
------------------------------ snip ------------------------------
graylog-1484917245030 hostname graylog startTime startTimeLocal Fri Jan 20 13:00:45.030 cmdLine storage dbPath /var/opt/graylog/data/mongodb [...]
------------------------------ snip ------------------------------
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/27017
Port 27017/tcp was found to be open
40649/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/40649
Port 40649/tcp was found to be open
44317/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2016/10/18
Ports
tcp/44317
Port 44317/tcp was found to be open
10.1.1.120
Scan Information
| Start time: | Wed Apr 12 01:03:05 2017 |
| End time: | Wed Apr 12 01:03:45 2017 |
Host Information
| OS: | Linux Kernel 4.4.0-62-generic on Ubuntu 16.04 |
Results Summary
| Critical | High | Medium | Low | Info | Total |
| 0 | 4 | 1 | 0 | 6 | 11 |
Results Details
0/tcp
97322 - Ubuntu 16.04 LTS : linux, linux-snapdragon vulnerabilities (USN-3208-1)
Synopsis
The remote Ubuntu host is missing one or more security-related patches.
Description
It was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-10088)

CAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191)

Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash). (CVE-2016-9588)

Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. (CVE-2017-2583)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584)

It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549)

Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2017-6074).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.6 (CVSS:3.0/E:P/RL:O/RC:X)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:ND)
Plugin Information:
Publication date: 2017/02/22, Modification date: 2017/03/07
Ports
tcp/0
- Installed package : linux-image-4.4.0-62-generic_4.4.0-62.83
  Fixed package : linux-image-4.4.0-64-generic_4.4.0-64.85
97605 - Ubuntu 16.04 LTS : linux, linux-gke, linux-raspi2, linux-snapdragon vulnerability (USN-3220-1)
Synopsis
The remote Ubuntu host is missing one or more security-related patches.
Description
Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.6 (CVSS:3.0/E:U/RL:U/RC:U)
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.5 (CVSS2#E:U/RL:U/RC:UC)
Plugin Information:
Publication date: 2017/03/08, Modification date: 2017/03/14
Ports
tcp/0
- Installed package : linux-image-4.4.0-62-generic_4.4.0-62.83
  Fixed package : linux-image-4.4.0-66-generic_4.4.0-66.87
99096 - Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerability (USN-3249-1)
Synopsis
The remote Ubuntu host is missing one or more security-related patches.
Description
It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected packages.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Publication date: 2017/03/30, Modification date: 2017/04/03
Ports
tcp/0
- Installed package : linux-image-4.4.0-62-generic_4.4.0-62.83
  Fixed package : linux-image-4.4.0-71-generic_4.4.0-71.92
99197 - Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon, linux-ti-omap4 vulnerability (USN-3256-1)
Synopsis
The remote Ubuntu host is missing one or more security-related patches.
Description
Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of service (system crash).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected packages.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Publication date: 2017/04/05, Modification date: 2017/04/10
Ports
tcp/0
- Installed package : linux-image-4.4.0-62-generic_4.4.0-62.83
  Fixed package : linux-image-4.4.0-72-generic_4.4.0-72.93
97778 - Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3234-1)
Synopsis
The remote Ubuntu host is missing one or more security-related patches.
Description
Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208)

It was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. A local attacker could use this to gain elevated group privileges. (CVE-2017-5551).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
4.4 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
CVSS Base Score
4.9 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
3.6 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information:
Publication date: 2017/03/16, Modification date: 2017/03/28
Ports
tcp/0
- Installed package : linux-image-4.4.0-62-generic_4.4.0-62.83
  Fixed package : linux-image-4.4.0-67-generic_4.4.0-67.88
12634 - Authenticated Check : OS Name and Installed Package Enumeration
Synopsis
This plugin gathers information about the remote host via an authenticated session.
Description
This plugin logs into the remote host using SSH, RSH, RLOGIN, Telnet, or local commands and extracts the list of installed packages. If using SSH, the scan should be configured with a valid SSH public key and possibly an SSH passphrase (if the SSH public key is protected by a passphrase).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/07/06, Modification date: 2017/04/10
Ports
tcp/0
It was possible to log into the remote host using the supplied password.
The output of "uname -a" is :
Linux nexpose 4.4.0-62-generic #83-Ubuntu SMP Wed Jan 18 14:10:15 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
The remote Debian system is :
stretch/sid
This is a Ubuntu system
Local security checks have been enabled for this host.
19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2017/02/24
Ports
tcp/0
Information about this scan :
Nessus version : 6.10.4
Plugin feed version : 201704110615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Credentialed Patch Audit
Scanner IP : 10.1.1.112
Port scanner(s) : netstat
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as 'nexpose' via ssh
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2017/4/12 1:03 W. Europe Standard Time
Scan duration : 36 sec
66334 - Patch Report
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information:
Publication date: 2013/07/08, Modification date: 2017/03/14
Ports
tcp/0
. You need to take the following action :
[ Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon, linux-ti-omap4 vulnerability (USN-3256-1) (99197) ]
+ Action to take : Update the affected packages.
+Impact : Taking this action will resolve 11 different vulnerabilities (CVEs).
22/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/22
Port 22/tcp was found to be open
3780/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/3780
Port 3780/tcp was found to be open
40815/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports. See the section 'plugins options' about configuring this plugin.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2017/02/21
Ports
tcp/40815
Port 40815/tcp was found to be open
Remediations
Suggested Remediations
| Taking the following actions across 7 hosts would resolve 58% of the vulnerabilities on the network: |
| Action to take | Vulns | Hosts |
| Oracle Database Multiple Vulnerabilities (January 2017 CPU): Apply the appropriate patch according to the January 2017 Oracle Critical Patch Update advisory. | 120 | 2 |
| RHEL 7 : mariadb (RHSA-2016:2595): Update the affected packages. | 102 | 2 |
| RHEL 7 : kernel (RHSA-2017:0386): Update the affected packages. | 96 | 2 |
| Mozilla Firefox < 52.0.1 CreateImageBitmap RCE: Upgrade to Mozilla Firefox version 52.0.1 or later. | 86 | 1 |
| CentOS 5 / 6 : firefox (CESA-2017:0459): Update the affected firefox package. | 70 | 1 |
| RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2017:0180): Update the affected packages. | 62 | 2 |
| Adobe Reader < 11.0.19 / 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01): Upgrade to Adobe Reader version 11.0.19 / 15.006.30279 / 15.023.20053 or later. | 62 | 2 |
| RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2017:0269): Update the affected packages. | 58 | 2 |
| RHEL 6 / 7 : libtiff (RHSA-2017:0225): Update the affected packages. | 54 | 2 |
| RHEL 5 / 6 / 7 : firefox (RHSA-2016:0373): Update the affected firefox and / or firefox-debuginfo packages. | 52 | 2 |
| RHEL 6 / 7 : ntp (RHSA-2017:0252): Update the affected packages. | 48 | 2 |
| Install MS17-013 | 96 | 6 |
| RHEL 6 / 7 : openssl (RHSA-2017:0286): Update the affected packages. | 36 | 2 |
| Install MS16-106 | 33 | 3 |
| Oracle Java SE Multiple Vulnerabilities (January 2017 CPU) (SWEET32): Upgrade to Oracle JDK / JRE 8 Update 121 / 7 Update 131 / 6 Update 141 or later. If necessary, remove any affected versions. Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later. | 30 | 1 |
| CentOS 5 / 6 / 7 : java-1.7.0-openjdk (CESA-2017:0269): Update the affected java-1.7.0-openjdk packages. | 28 | 1 |
| RHEL 6 / 7 : libxml2 (RHSA-2016:1292): Update the affected packages. | 28 | 2 |
| CentOS 6 / 7 : libtiff (CESA-2017:0225): Update the affected libtiff packages. | 27 | 1 |
| RHEL 6 / 7 : ImageMagick (RHSA-2016:1237): Update the affected packages. | 24 | 2 |
| CentOS 6 : kernel (CESA-2017:0817): Update the affected kernel packages. Note that the updated packages may not be immediately available from the package repository and its mirrors. | 22 | 1 |
| RHEL 7 : samba (RHSA-2016:1486): Update the affected packages. | 20 | 2 |
| RHEL 7 : bind (RHSA-2017:0276): Update the affected packages. | 16 | 2 |
| RHEL 7 : pcre (RHSA-2016:1025): Update the affected packages. | 16 | 2 |
| CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2017:0061): Update the affected java-1.6.0-openjdk packages. | 15 | 1 |
| CentOS 6 / 7 : libxml2 (CESA-2016:1292): Update the affected libxml2 packages. | 14 | 1 |
| Install MS16-110 | 14 | 1 |
| RHEL 5 / 6 / 7 : nss and nss-util (RHSA-2016:2779): Update the affected packages. | 12 | 2 |
| Install MS17-006 | 24 | 6 |
| Install MS16-149 | 24 | 6 |
| Install MS16-142 | 24 | 6 |
| Install MS16-132 | 24 | 6 |
| Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon, linux-ti-omap4 vulnerability (USN-3256-1): Update the affected packages. |
11 |
1 |
| CentOS 6 / 7 : openssl (CESA-2017:0286): Update the affected openssl packages. |
11 |
1 |
| CentOS 6 / 7 : ntp (CESA-2017:0252): Update the affected ntp packages. |
10 |
1 |
| RHEL 7 : ghostscript (RHSA-2017:0013): Update the affected packages. |
10 |
2 |
| RHEL 7 : krb5 (RHSA-2016:2591): Update the affected packages. |
10 |
2 |
| Install MS17-022 |
18 |
6 |
| Install MS16-130 |
18 |
6 |
| Install MS15-085 |
8 |
1 |
| RHEL 7 : graphite2 (RHSA-2016:0594): Update the affected graphite2, graphite2-debuginfo and / or graphite2-devel packages. |
8 |
2 |
| RHEL 7 : nettle (RHSA-2016:2582): Update the affected nettle, nettle-debuginfo and / or nettle-devel packages. |
8 |
2 |
| CentOS 6 : libarchive (CESA-2016:1850): Update the affected libarchive packages. |
7 |
1 |
| CentOS 6 : openjpeg (CESA-2017:0559): Update the affected openjpeg packages. |
6 |
1 |
| CentOS 6 : qemu-kvm (CESA-2017:0621): Update the affected qemu-kvm packages. |
6 |
1 |
| Install MS16-014 |
24 |
4 |
| RHEL 6 / 7 : sudo (RHSA-2016:2872): Update the affected sudo, sudo-debuginfo and / or sudo-devel packages. |
6 |
2 |
| RHEL 7 : curl (RHSA-2016:2575): Update the affected packages. |
6 |
2 |
| RHEL 7 : openssh (RHSA-2016:2588): Update the affected packages. |
6 |
2 |
| Install MS17-017 |
12 |
6 |
| Install MS17-011 |
12 |
6 |
| Install MS16-153 |
12 |
6 |
| Install MS16-124 |
12 |
6 |
| Install MS16-123 |
12 |
6 |
| CentOS 6 : gstreamer-plugins-good (CESA-2016:2975): Update the affected gstreamer-plugins-good packages. |
5 |
1 |
| Wireshark 2.0.x < 2.0.11 / 2.2.x < 2.2.5 Multiple DoS: Upgrade to Wireshark version 2.0.11 / 2.2.5 or later. |
5 |
1 |
| CentOS 5 / 6 : bind (CESA-2017:0063): Update the affected bind packages. |
4 |
1 |
| CentOS 6 : ghostscript (CESA-2017:0014): Update the affected ghostscript packages. |
4 |
1 |
| CentOS 6 : glibc (CESA-2017:0680): Update the affected glibc packages. Note that the updated packages may not be immediately available from the package repository and its mirrors. |
4 |
1 |
| CentOS 6 : gnutls (CESA-2017:0574): Update the affected gnutls packages. Note that the updated packages may not be immediately available from the package repository and its mirrors. |
4 |
1 |
| Install MS16-030 |
4 |
1 |
| Install MS15-118 |
8 |
2 |
| Install MS15-109 |
4 |
1 |
| RHEL 7 : python (RHSA-2016:2586): Update the affected packages. |
4 |
2 |
| Install MS16-065 |
8 |
4 |
| Install MS11-025 |
8 |
4 |
| CentOS 5 / 6 / 7 : nss / nss-util (CESA-2016:2779): Update the affected nss and / or nss-util packages. |
3 |
1 |
| CentOS 6 : bash (CESA-2017:0725): Update the affected bash packages. Note that the updated packages may not be immediately available from the package repository and its mirrors. |
3 |
1 |
| CentOS 6 : mysql (CESA-2017:0184): Update the affected mysql packages. |
3 |
1 |
| CentOS 6 : samba4 (CESA-2017:0744): Update the affected samba4 packages. |
3 |
1 |
| Install MS15-132 |
3 |
1 |
| Install MS15-084 |
3 |
1 |
| Install MS14-072 |
3 |
1 |
| Install MS16-115 |
3 |
3 |
| Install MS16-087 |
3 |
3 |
| Install MS16-080 |
3 |
3 |
| Install MS16-076 |
3 |
3 |
| Install MS16-075 |
3 |
3 |
| Install MS16-061 |
3 |
3 |
| Install MS16-048 |
3 |
3 |
| Install MS16-047 |
3 |
3 |
| Install MS16-044 |
3 |
3 |
| CentOS 6 / 7 : sudo (CESA-2016:2872): Update the affected sudo packages. |
2 |
1 |
| CentOS 6 : gstreamer-plugins-bad-free (CESA-2016:2974): Update the affected gstreamer-plugins-bad-free packages. |
2 |
1 |
| CentOS 6 : samba (CESA-2017:0662): Update the affected samba packages. |
2 |
1 |
| Install MS16-017 |
2 |
1 |
| Install MS15-119 |
2 |
1 |
| Install MS15-101 |
4 |
2 |
| RHEL 6 / 7 : expat (RHSA-2016:2824): Update the affected packages. |
2 |
2 |
| RHEL 6 / 7 : libgcrypt (RHSA-2016:2674): Update the affected libgcrypt, libgcrypt-debuginfo and / or libgcrypt-devel packages. |
2 |
2 |
| RHEL 6 / 7 : libssh2 (RHSA-2016:0428): Update the affected packages. |
2 |
2 |
| RHEL 6 / 7 : vim (RHSA-2016:2972): Update the affected packages. |
2 |
2 |
| RHEL 7 : NetworkManager (RHSA-2016:2581): Update the affected packages. |
2 |
2 |
| RHEL 7 : dhcp (RHSA-2016:2590): Update the affected packages. |
2 |
2 |
| RHEL 7 : fontconfig (RHSA-2016:2601): Update the affected packages. |
2 |
2 |
| RHEL 7 : glibc (RHSA-2016:2573): Update the affected packages. |
2 |
2 |
| RHEL 7 : libndp (RHSA-2016:1086): Update the affected libndp, libndp-debuginfo and / or libndp-devel packages. |
2 |
2 |
| RHEL 7 : policycoreutils (RHSA-2017:0536): Update the affected packages. |
2 |
2 |
| RHEL 7 : subscription-manager (RHSA-2016:2592): Update the affected packages. |
2 |
2 |
| RHEL 7 : systemd (RHSA-2016:2610): Update the affected packages. |
2 |
2 |
| RHEL 7 : util-linux (RHSA-2016:2605): Update the affected packages. |
2 |
2 |
| CentOS 5 / 6 : httpd (CESA-2016:1421) (httpoxy): Update the affected httpd packages. |
1 |
1 |
| CentOS 6 / 7 : expat (CESA-2016:2824): Update the affected expat packages. |
1 |
1 |
| CentOS 6 / 7 : ipa (CESA-2016:1797): Update the affected ipa packages. |
1 |
1 |
| CentOS 6 / 7 : libgcrypt (CESA-2016:2674): Update the affected libgcrypt packages. |
1 |
1 |
| CentOS 6 / 7 : policycoreutils (CESA-2016:2702): Update the affected policycoreutils packages. |
1 |
1 |
| CentOS 6 / 7 : python (CESA-2016:1626) (httpoxy): Update the affected python packages. |
1 |
1 |
| CentOS 6 : coreutils (CESA-2017:0654): Update the affected coreutils packages. |
1 |
1 |
| CentOS 6 : openssh (CESA-2017:0641): Update the affected openssh packages. Note that the updated packages may not be immediately available from the package repository and its mirrors. |
1 |
1 |
| Install MS16-021 |
1 |
1 |
| Install MS16-020 |
1 |
1 |
| Install MS15-135 |
1 |
1 |
| Install MS15-102 |
1 |
1 |
| Install MS15-090 |
1 |
1 |
| Install MS15-082 |
1 |
1 |
| Install MS15-060 |
1 |
1 |
| Install MS15-051 |
1 |
1 |
| Install MS15-041 |
1 |
1 |
| Install MS15-006 |
1 |
1 |
| Install MS14-053 |
1 |
1 |
| Install MS14-031 |
1 |
1 |
| Install MS13-090 |
1 |
1 |
| Install MS16-071 |
1 |
1 |
| CentOS 6 / 7 : vim (CESA-2016:2972): Update the affected vim packages. |
0 |
1 |
| RHEL 7 : wget (RHSA-2016:2587): Update the affected wget and / or wget-debuginfo packages. |
0 |
2 |
|
|